[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [** UTF-8 charset **] Re: [New post] Scam of the day – June 13, 2016 – The lesson of the hacking of Deray Mckesson’s smartphone
- To: http://www.vermont.gov/~flora. (Flora E ), http://www.state.vt.us/~Flora. (Flora E ), http://profiles.yahoo.com/Flora (Flora E ), http://www.gmail.com/~flora (Flora E )
- Subject: Re: [** UTF-8 charset **] Re: [New post] Scam of the day – June 13, 2016 – The lesson of the hacking of Deray Mckesson’s smartphone
- From: http://dummy.us.eu.org/robert (Robert)
- Date: Mon, 13 Jun 2016 11:10:16 -0700
- Cc: http://dummy.us.eu.org/noelleg
- Keywords: ifile: nonspam -10898.70169878 spam -11616.57767773 downloaded -13658.99191189 ---------
> From: Flora <http://www.gmail.com/~flora>
> Date: Mon, 13 Jun 2016 13:43:21 -0400
>
> Please remember the importance of two factor authentication and
> password/pin for your phone.
I disagree with the conclusion about Deray Mckesson's story. I think the
better conclusion is that, if given an option, the second form of
authentication should be an email address. It's a lot harder to use
social engineering (in this case, convincing Verizon about changing SIM
cards) with email providers.
> On Jun 12, 2016 8:49 PM, "Scamicide" <http://www.wordpress.com/~donotreply> wrote:
> > Steven Weisman, Esq. posted: "It was just last week that Mark Zuckerberg's
> > Twitter account was taken over by hackers who managed to send out
> > embarrassing tweets using his account. In the Scam of the day for June 7,
> > 2016 I described how Zuckerberg failed to use a unique password for "
> >
> > New post on *Scamicide*
> > <http://scamicide.com/?author=2> Scam of the day â?? June 13, 2016 â?? The
> > lesson of the hacking of Deray Mckessonâ??s smartphone
> > <
> > http://scamicide.com/2016/06/13/scam-of-the-day-june-13-2016-the-lesson-of-the-hacking-of-deray-mckessons-smartphone/
> > > by
> > Steven Weisman, Esq. <http://scamicide.com/?author=2>
> >
> > It was just last week that Mark Zuckerberg's Twitter account was taken
> > over by hackers who managed to send out embarrassing tweets using his
> > account. In the Scam of the day for June 7, 2016 I described how
> > Zuckerberg failed to use a unique password for his Twitter account so when
> > his password, which he used in multiple accounts, became known due to a
> > data breach at LinkedIn, hackers were able to use the password to take over
> > his Twitter account. Zuckerberg's other mistake was failing to take
> > advantage of the Twitter offered option to use dual factor authentication
> > for added security. With dual factor authentication, whenever you are
> > going to access an online account, a special code is sent to your
> > smartphone after you have typed in your user name and password. Without
> > this code, you cannot gain access to your account. Thus, even if
> > Zuckerberg's password was known by the hackers, they would not have been
> > able to access his Twitter account without the one-time code provided to
> > his smartphone.
> >
> > Civil rights activist Deray Mckesson also had his Twitter account hacked
> > recently and the hackers sent out a number of phony tweets that appeared to
> > come from Mckesson, including one indicating his support for Donald Trump's
> > presidential candidacy. However, what is particularly noteworthy in this
> > hacking was that the hackers did not have Mckesson's password and his
> > Twitter account was protected through dual factor authentication. What the
> > hackers did is call Verizon, Mckesson's carrier, and tricked customer
> > service into changed his SIM card to one in a phone controlled by the
> > hackers. A Subscriber Identity Module, more commonly known as a SIM card,
> > is an integrated circuit that stores information including your smartphone
> > number used to authenticate subscribers on mobile devices. The SIM card is
> > able to be transferred between different devices, and often is, when people
> > update into a newer smartphone. In the case of Mckesson, using a scam
> > about which I warned you three years ago, the hackers contacted the
> > Mckesson's wireless carrier and pretending to be Mckesson and convinced
> > Verizon to switch the SIM card to a new smartphone controlled by the
> > hackers who were then able to not only then change Mckesson's password, but
> > also get the dual factor authentication one-time code sent to the phone
> > that they controlled. The hacker was able to convince the Verizon customer
> > service employee that he was Mckesson merely by providing the last four
> > digits of Mckesson's Social Security number which in these days of massive
> > data breaches is not that hard for a determined identity thief to obtain.
> >
> > TIPS
> >
> > Deray Mckesson did a better job of protecting the security of his Twitter
> > account than Mark Zuckerberg did, but he did not do quite a good enough job
> > to protect him from having his account hijacked. Fortunately, there is an
> > easy way to enhance your security to protect your SIM card from being
> > switched thereby thwarting the protections provided by dual factor
> > authentication and that is to set up a PIN or password to be used for
> > access to your mobile service provider account. Sprint and Verizon use
> > PINs while T-Mobile and AT&T will let you set up a password. It may seem
> > like these are just more things to remember, but the protection they
> > provide is worth it.