
When getting my Xfinity Internet service transferred, I took up the "special deal" to get a new phone line for a discounted price. After the device was delivered, I received a call to my existing phone to activate it.

Right after greeting the phone agent, my phone receives a text with a 6-digit code, which the caller asks for in order to proceed with my account. I declined to provide it, due to the security hole that scammers can exploit:

  • The scammer calls the provider, claiming to be the customer
  • The scammer calls the customer at the same time, claiming to be the provider
  • Every time the provider asks for account verification info, the scammer repeats the question to the victim on the other line to extract it

Automatically being opted in to SMS-based verification is already really annoying, but knowing that the ritual doesn't actually secure anything is extra frustrating.

I don't understand why OTPs aren't used more instead of these stupid SMS verification methods.


My theory is TLAs prefer the digital paper trail. Helps them close the loop on things. SMS being vulnerable is fine, more of an inconvenience to the herd. I suspect this is why a lot of unnecessary info gets emailed to us as well. Little things, you know, like transfer amounts and itemized receipts.


Yeah... and it is always the most critical apps that do this. Banks, telecom, and health care.

I don't think it is a coincidence that these are some of the most regulated and entrenched institutions. Not blaming statism alone, but it's part of the problem, not the solution.

The other component is the general ignorance of the public. We can only go so far without fixing that issue.


Even though this wouldn't necessarily prevent this attack vector. Just made me think about it.

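The two-call pattern from the original post and the OTP point raised in the comments, modelled as an added example that is not part of the thread. The class and function names and the secret are hypothetical, constructed for illustration; it shows that a provider-side check on spoken digits passes for a texted code and for an RFC 6238 TOTP alike when the answer is repeated by a third party, with TOTP only shortening the window.

```python
import hashlib, hmac, secrets, struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the kind of code an authenticator app shows."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Customer:
    def __init__(self, secret: bytes):
        self.secret, self.inbox = secret, []
    def read_sms(self) -> str:
        return self.inbox[-1]
    def read_totp(self, now: float) -> str:
        return totp(self.secret, now)

class Provider:
    def __init__(self, secret: bytes):
        self.secret, self.pending = secret, ""
    def text_code(self, customer: Customer) -> None:
        self.pending = f"{secrets.randbelow(10 ** 6):06d}"
        customer.inbox.append(self.pending)
    # Both checks test only the digits spoken on the call, not who speaks them.
    def check_sms(self, spoken: str) -> bool:
        return hmac.compare_digest(spoken, self.pending)
    def check_totp(self, spoken: str, now: float) -> bool:
        return hmac.compare_digest(spoken, totp(self.secret, now))

def relayed(answer: str) -> str:
    """Second call in the middle: the customer's answer is repeated unchanged."""
    return answer

def simulate(now: float = 1_700_000_010.0) -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    customer, provider = Customer(secret), Provider(secret)
    provider.text_code(customer)
    return {
        "sms_direct": provider.check_sms(customer.read_sms()),
        "sms_relayed": provider.check_sms(relayed(customer.read_sms())),
        # Repeated within the same 30 s step: accepted.
        "totp_relayed": provider.check_totp(relayed(customer.read_totp(now)), now + 10),
        # Repeated three steps later: rejected, so TOTP narrows the window only.
        "totp_stale": provider.check_totp(relayed(customer.read_totp(now)), now + 90),
    }

if __name__ == "__main__":
    print(simulate())
```

Neither check can tell the direct answer from the repeated one, which is why declining to read the code to an inbound caller is the control that works here.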