Abstract According to the Guangzhou police, recently, many police received a report of a class after another strange case, a lot of people find the phone received a lot of code and bank debit SMS the morning after, and even online banking user name and password APP also has been tampered with, lost heavily. User @ç‹¬é’“å¯’æ±Ÿé›ª:3...
According to the Guangzhou police, in the near future, many local police have successively received a class of defamation cases. Many people found that the mobile phone received many verification codes and bank debit memos after they got up in the morning. Even the online banking APP login account and password have been tampered with, and the loss has been lost. heavy.
Netizen @ç‹¬é’“å¯’æ±Ÿé›ª: Woke up at 5 am on the 30th, I found that the mobile phone has been in shock, and I have received more than 100 verification codes, Alipay, Jingdong, and Bank. I was so scared that I went to see Alipay, Yu'ebao and the associated bank card and found that the money was turned away. Jingdong also opened the function of white strips and gold bars, and was borrowed more than 10,000.
Netizen @æˆ‘æœ‰ä½ æœ¬å: I was like this yesterday, the tuition fees were all turned away, now crying can not cry, more than 15,000 yuan is missing.
"GSM hijacking + SMS sniffing" new technology scam
According to the police, the scammer can obtain the content of the user's mobile phone message in real time through this technology, and then use the technical loopholes and defects of major well-known banks, websites and mobile payment APP to realize crimes such as information theft, fund theft and online fraud.
The specific implementation process is as follows:
First, the scammer automatically searches for nearby mobile phone numbers through special equipment, logs in some websites or applications with your number, and then uses SMS Short Message Sniffing Technology to intercept the verification codes sent to you by these websites and applications.
Second, by logging in to other websites, the scammer will collide with your identity information, calling it â€œcollision libraryâ€ (that is, collision between multiple databases), matching your identity information, including ID card, bank card number, Mobile phone number, verification code and other information.
Third, the scammer opens an account on some platforms and binds the owner's bank card, pretending to be the owner of the consumer or cashing, thereby stealing the bank card funds.
In addition, most of the gangs chose to commit crimes in the early morning, and they did not need to contact the victim directly. Therefore, most of the victims were unaware of theft of funds, and they only woke up with inexplicable verification codes on their mobile phones. When you wake up, the savings have already flown away.
Originally, this technology is mainly for 2G GSM signals, but the trick is that they will interfere with the nearby cell phone signal, so that 4G becomes 2G signal, then steal your SMS message.
Dozens of crimes originated from information disclosure
According to the Guangzhou police, as of June this year, the Guangzhou police have successively cracked many such cases. After the investigation, the Yuexiu police conducted a network-receiving operation on a high-tech telecom fraud gang using special equipment and arrested three suspects. It is reported that the gang has committed 16 cases since June.
The police said that this approach can succeed. "The root cause lies in information leakage." It calls on major operators and enterprises to adopt effective technical means as soon as possible. Banks and financial apps can consider other two-way authentication aids to improve safety and efficiency.
It is understood that the method of using such new pseudo base station fraud is to exploit the loophole of the mobile phone signal protocol, which is basically unpreventable for ordinary users, and also brings great challenges to the police's detection work. However, such technologies are limited by hardware and principles in specific practice, and cannot temporarily cover too many mobile phone numbers, so the number of victims is relatively small.
Payment verification upgrade night multi-purpose flight mode
According to the police, the verification code text message is leaked because it is in plain text. At present, most payment and banking apps often have picture verification, voice verification, face verification, fingerprint verification, etc. With the secondary verification mechanism, security is gradually upgrading. If the verification code is leaked alone, the problem is not big. The majority of the users in the move are because they have also leaked other important identity information such as the ID number, so the overall crime success rate is not high.
For this new criminal means, remind everyone to pay attention to these following points:
1. It is necessary to protect sensitive personal information such as mobile phone number, ID card number, bank card number, and payment platform account number.
2. Shut down before going to bed or set the flight mode, or turn off the mobile phone's mobile signal, only connect WIFI, which can slightly improve the difficulty of being sniffed.
3. If you get up in the morning and see a strange verification code message in the middle of the night, you may be experiencing SMS sniffing attacks, and quickly check your bank card and payment application. At this time, if the money is found to have been stolen, the bank card will be frozen quickly, the content of the message will be kept, and the alarm will be given.
4. If you suddenly find that the mobile phone signal becomes 2G, immediately realize that you may be experiencing this kind of attack and take the above defense.
In addition, according to netizens, some bank APP security features can be prepared for this, such as opening common device management to avoid being logged in.
56 Inch ABS Ceiling Fan
Ceiling Exhaust Fan,Big Ceiling Fans,Remote Fan,Crystal Ceiling Fan
JIANGMEN ESCLIGHTING TECHNOLOGY LIMITED , https://www.summerwindfan.com