UK Mobile Phones (uk.telecom.mobile) Mobile telephone equipment and networks.

Reply
 
LinkBack Thread Tools Display Modes
  #1   Report Post  
Old December 12th 18, 09:10 PM posted to uk.telecom.mobile,comp.mobile.android
external usenet poster
 
First recorded activity by MobileBanter: Nov 2012
Posts: 77
Default 5 Live Science Night - Phishing Attacks

We've discussed the insecurity of the SMS text system before, so people
here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in: Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details. Because the phone displays the text as coming
from the pretended source, including being displayed as part of any
genuine previous or ongoing conversation that may have already occurred
with that pretended source, many people are fooled into thinking that
the scam text is genuine. One recent victim lost around £70,000.

  #2   Report Post  
Old December 13th 18, 11:41 AM posted to uk.telecom.mobile,comp.mobile.android
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so people
here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as coming
from the pretended source, including being displayed as part of any
genuine previous or ongoing conversation that may have already occurred
with that pretended source, many people are fooled into thinking that
the scam text is genuine.* One recent victim lost around £70,000.


What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.
  #3   Report Post  
Old December 13th 18, 07:30 PM posted to uk.telecom.mobile,comp.mobile.android
external usenet poster
 
First recorded activity by MobileBanter: May 2018
Posts: 2
Default 5 Live Science Night - Phishing Attacks

On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
£70,000.


What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?

  #4   Report Post  
Old December 14th 18, 02:11 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: May 2012
Posts: 72
Default 5 Live Science Night - Phishing Attacks

On Thursday, 13 December 2018 19:30:13 UTC, MikeS wrote:
On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
£70,000.


What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?


With some types of online banking, if you forget your login details, as part of the process of helping you to get back in again the bank might send a code to your mobile phone - if someone else has gained access to your mobile phone then THEY will get the code and might be able to get into your bank account
  #5   Report Post  
Old December 14th 18, 02:20 PM posted to uk.telecom.mobile,comp.mobile.android
external usenet poster
 
First recorded activity by MobileBanter: Dec 2018
Posts: 1
Default 5 Live Science Night - Phishing Attacks

On Thu, 13 Dec 2018 19:30:10 +0000, MikeS wrote:

On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
£70,000.


What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?


They would be logging in as you, using stolen credentials. When the
2fa sms comes, they grab and use it.


  #6   Report Post  
Old December 14th 18, 02:32 PM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 14/12/2018 14:11, Murmansk wrote:
On Thursday, 13 December 2018 19:30:13 UTC, MikeS wrote:
On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
£70,000.

What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?


With some types of online banking, if you forget your login details, as part of the process of helping you to get back in again the bank might send a code to your mobile phone - if someone else has gained access to your mobile phone then THEY will get the code and might be able to get into your bank account

Yes - precisely - sometimes even if you know the username/password they
will send a secondary code to your phone which you then enter. If the
perp has got hold of your username/password and is able to intercept
messasges destined for your phone they will then get access to your
account which is supposed to be secure...
  #7   Report Post  
Old December 17th 18, 09:41 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Fri, 14 Dec 2018 14:32:06 +0000, Someone Somewhere
wrote:

On 14/12/2018 14:11, Murmansk wrote:
On Thursday, 13 December 2018 19:30:13 UTC, MikeS wrote:
On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
70,000.

What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?


With some types of online banking, if you forget your login details, as part of the process of helping you to get back in again the bank might send a code to your mobile phone - if someone else has gained access to your mobile phone then THEY will get the code and might be able to get into your bank account

Yes - precisely - sometimes even if you know the username/password they
will send a secondary code to your phone which you then enter. If the
perp has got hold of your username/password and is able to intercept
messasges destined for your phone they will then get access to your
account which is supposed to be secure...


If you didn't have access to your mobile phone then it would be a bit
silly to try to reset your logon information using that method.
  #8   Report Post  
Old December 17th 18, 10:52 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Oct 2011
Posts: 383
Default 5 Live Science Night - Phishing Attacks

On 17/12/2018 09:41, Chris in Makati wrote:
On Fri, 14 Dec 2018 14:32:06 +0000, Someone Somewhere
wrote:

On 14/12/2018 14:11, Murmansk wrote:
On Thursday, 13 December 2018 19:30:13 UTC, MikeS wrote:
On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
£70,000.

What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?

With some types of online banking, if you forget your login details, as part of the process of helping you to get back in again the bank might send a code to your mobile phone - if someone else has gained access to your mobile phone then THEY will get the code and might be able to get into your bank account

Yes - precisely - sometimes even if you know the username/password they
will send a secondary code to your phone which you then enter. If the
perp has got hold of your username/password and is able to intercept
messasges destined for your phone they will then get access to your
account which is supposed to be secure...


If you didn't have access to your mobile phone then it would be a bit
silly to try to reset your logon information using that method.

I said "intercept" which implies that they don't need access to your
mobile phone....
  #9   Report Post  
Old December 19th 18, 09:09 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Dec 2015
Posts: 96
Default 5 Live Science Night - Phishing Attacks

On Mon, 17 Dec 2018 10:52:38 +0000, Someone Somewhere
wrote:

On 17/12/2018 09:41, Chris in Makati wrote:
On Fri, 14 Dec 2018 14:32:06 +0000, Someone Somewhere
wrote:

On 14/12/2018 14:11, Murmansk wrote:
On Thursday, 13 December 2018 19:30:13 UTC, MikeS wrote:
On 13/12/2018 11:41, Someone Somewhere wrote:
On 12/12/2018 21:10, Java Jive wrote:
We've discussed the insecurity of the SMS text system before, so
people here may be interested in listening to this ...

5 Live Science Night
https://www.bbc.co.uk/programmes/m0001gtq
(non UK Residents may or may not be able to listen to this)

45:19 minutes in:*** Includes a description of a phishing attack where
potential victims receive a text message pretending to be from someone
they know, including possibly their bank, asking them to go to a
particular website, and enter certain details, which of course may be
their bank login details.* Because the phone displays the text as
coming from the pretended source, including being displayed as part of
any genuine previous or ongoing conversation that may have already
occurred with that pretended source, many people are fooled into
thinking that the scam text is genuine.* One recent victim lost around
70,000.

What's potentially worse is the ability to intercept SMS containing
authorisation codes which are meant to verify the identity of the user.
This is more difficult technically but requires no social engineering
and could well be very difficult to detect it's happeening.

Not sure what intercepting an SMS containing an authorisation code would
achieve even if it is possible.

Usually I would be logging into a specific website or doing something on
one. The website then sends a code to my phone so I can confirm my ID by
entering the code in an already open box on the screen before
continuing. If somebody could intercept that SMS what would they do with
the code which is always a one off?

With some types of online banking, if you forget your login details, as part of the process of helping you to get back in again the bank might send a code to your mobile phone - if someone else has gained access to your mobile phone then THEY will get the code and might be able to get into your bank account

Yes - precisely - sometimes even if you know the username/password they
will send a secondary code to your phone which you then enter. If the
perp has got hold of your username/password and is able to intercept
messasges destined for your phone they will then get access to your
account which is supposed to be secure...


If you didn't have access to your mobile phone then it would be a bit
silly to try to reset your logon information using that method.

I said "intercept" which implies that they don't need access to your
mobile phone....


How can they do that? Everything is highly encrypted until it reaches
the phone.
  #10   Report Post  
Old December 19th 18, 10:22 AM posted to uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Nov 2012
Posts: 77
Default 5 Live Science Night - Phishing Attacks

On 19/12/2018 09:09, Chris in Makati wrote:

How can they do that? Everything is highly encrypted until it reaches
the phone.


AFAIAA, the SMS is open to various types of abuse. I have given links
in previous threads about this, and you can find them easily yourself by
searching for something like: SMS security.


Reply
Thread Tools
Display Modes

Posting Rules

Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Phishing Spam from 'Vodafone'? Helen Deborah Vecht UK Mobile Phones 10 August 27th 07 03:55 PM
The Science of RFR Health Risks Lenny UK Mobile Phones 0 May 16th 06 03:58 PM
'Cosmic' baker attacks phone mast Ben UK Mobile Phones 0 December 22nd 04 10:05 PM
Diary note: Animal Science and Sentience Conference London March 2005 J B UK Mobile Phones 1 December 1st 04 05:52 PM
T-Mobile phishing scam? TMack UK Mobile Phones 5 October 23rd 04 12:16 PM


All times are GMT. The time now is 03:03 AM.

Powered by vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright 2004-2019 Mobile Banter.
The comments are property of their posters.
 

About Us

"It's about UK mobile phones"

 

Copyright © 2017