First Direct confirmed customers without Mobile (coverage) now can't use cards online

Mr.Saver

Butch_Dingle wrote: »

Well I would also like to play the game of worst scenarios: god forbid but what if you were burgled by armed robbers at home and they stole all valuables. Using your logic perhaps none of us should keep valuables at home?

That's why we have insurance.

Mr.Saver

Butch_Dingle wrote: »

But can you ACTUALLY provide clear evidence that sms hacking is happening en-masse in Blighty? Otherwise it’s just sheer paranoia. Doing many everyday things in life carries a risk, whether crossing the road, driving a vehicle or travelling on a plane.
Perhaps the only way to totally remove risk would be to hide under the bed forever and never go outside or use technology?

It's not affecting a very large number of people, but those who are affected often aren't billionaires or celebrities. Those criminals target people with bad online security hygiene, because those are easy targets. Don't be one.

Butch_Dingle

Mr.Saver wrote: »

That's why we have insurance.

And believe it or not, all banks will refund you if you’ve been a victim of fraud - provided you were not negligent in any way. Just like your house insurer will reimburse you in the event of a burglary provided you weren’t negligent in any way (eg didn’t forget to lock the doors at night)

Butch_Dingle

Mr.Saver wrote: »

It's not affecting a very large number of people, but those who are affected often aren't billionaires or celebrities. Those criminals target people with bad online security hygiene, because those are easy targets. Don't be one.

So how can those with “bad online security hygiene “ get their SMS hacked?

Mr.Saver

Butch_Dingle wrote: »

And believe it or not, all banks will refund you if you’ve been a victim of fraud - provided you were not negligent in any way. Just like your house insurer will reimburse you in the event of a burglary provided you weren’t negligent in any way (eg didn’t forget to lock the doors at night)

Sure, I fully agree with it, but wouldn't it be better if you could avoid the trouble before it happens? With only a little inconvenience.

For example, add a chain lock in addition to the door lock. It's less convenient, but in the unfortunate event, if the burglars picked the lock, the addition chain lock could stop them.

I'm not saying that you should not use the SMS authentication or smartphone based secure key, they are still better than not using anything at all. All I'm saying is from the security point of view, those are less secure than a physical secure key or card reader. Neither of them are 100% safe, but when you have the choice, you should consider to use a (theoretically) safer one if it's available, especially for an important account holds large amount of cash in it. You don't have to, as long as you know and accept the risks.

Mr.Saver

Butch_Dingle wrote: »

So how can those with “bad online security hygiene “ get their SMS hacked?

If you are interested in the details, search SIM swapping or SIM hijacking would give you plenty of results.

In short, criminals get phone numbers from a data breach, and filtering out those with potential value for them. Once they narrow down the targets, they will preform a SIM swapping to gain access to the phone number, and use it to reset the original owner's passwords on many websites (Gmail, Facebook, Coinbase, etc.), then either make a gain directly from the hacked accounts, or use it to blackmail the original owner.

The bad online security hygiene part in the above attack would be using weak multi-factor authentication (MFA) such as SMS or not using MFA at all. A strong MFA would stop the criminals from going any further, even they managed to hijack the SIM and reset the passwords, they still can't login. Of course, for those people at risk, they should also considering use separate phone numbers for different categories of things.