Scammers Work Around Two-Factor Authentication With Social Engineering

mask.of.sanity writes "Thieves have made off with $45k after they intercepted a victim's two factor online banking codes used to verify large transactions. The scammers got the Australian executive's mobile number from his daughter, and work place details from his willing secretary. Armed with this data, they bluffed Vodafone which ported his phone number, meaning the criminals could verify the bank's two factor verification codes generated during their spending spree and the victim never knew a thing."

Not Thieves

[Anonymous Coward]

They didn't steal anything real.

I don't believe in imaginary property.

Re:Not Thieves

[CohibaVancouver]

I don't believe in imaginary property.

Please send me all your money, via wire transfer. Thank you.

Social engineering is cheating

[Anonymous Coward]

Magically hacking everything is so much more interesting.

Check out CitiBank:

[Anonymous Coward]

CitiBusiness Online [citigroup.com]

I'm in the process of moving everything here as they have the best security I've seen of any bank. Their customers laugh at this article.

Re:Victim never knew a thing?

[srjh]

As someone on Vodafone in Australia, this should immediately have started ringing alarm bells.

No way they'd have the problems fixed in 24 hours.

Re:Victim never knew a thing?

[tdelaney]

Considering it's the Vodafail [vodafail.com] network, a 24-hour outage would be considered normal service.

Re:What's the point of this story?

[Arancaytar]

Also, being broke is probably a pretty good strategy for avoiding these kinds of problems.

If you're not broke, you don't need to worry either, because the scammers can soon fix that.

Re:Social engineering is cheating

[thisnamestoolong]

Yes, but only if you have a gun to your head and are getting a blowjob while you do it...

Re:Victim never knew a thing?

[FatLittleMonkey]

It's disturbing when the scammers have better customer service than the actual phone company.