Tips from my “hacked” experience
==============
In a prior post, I recounted how I got hacked …
A perp hijacked my cell phone numbe, used it to breach my BofA bank account and withdrew a statistically significant amount of money.
For details of the sophisticated hack, see:
I was HACKED … and my story is worth reading!
==============
The first lesson that I learned (again) is that cell phones are the weakest link in online security.
Step #1 is to secure your phone with — at a minimum – a passcode.
Yeah, it’s an annoying inconvenience, but…
It’s not just to keep kids from grabbing your phone to play games … or keep peering friends & family from sneaking a peek at your texts and emails.
If you lose your phone (or have it stolen), it buys you some time to call your carrier and de-activate your number.
An amateur may get stymied trying to guess which of the 10,000 possible 4-digit numeric codes you use on your phone … a hack-pro can eventually crack the code, but it takes time & effort, so it buys some time … and the perp may just toss the phone and hunt for a non-passcode phone.
Of course, if your phone is equipped with fingerprint or facial recognition, consider using it.
It adds to the inconvenience, but it ups your phone security by orders of magnitude.
============
Why is this important?
If perps can open your phone, they can see where you have accounts.
For example, they can scan text message alerts that you’ve received from your banks and credit card companies.
Bingo, they know where you keep your money.
Then, they can go to the banks’ web sites and simply click “Forgot user ID & password “.
The bank will likely recognize the device (remember, the perps have your phone) … and, if you’ve activated 2-factor authorization, the bank may unwittingly send the 2FA code to your phone … which the perp is holding in his hand.
BINGO … account breached … and the perp is off to the races.
==============
P.S. My phone wasn’t lost or stolen. It and my number) were hijacked when my carrier “sold” a perp a new iPhone, charging my account and over-riding my activation with the fraud purchased phone.
My bet: A likely “inside job”.
You (and I, now) are way more likely to lose our phones (or get them stolen) than getting them hijacked … which is why passcode protecting them is important.
Again, doing so may cut off some easy paths to your accounts … and may at least buy you some time to contain possible financial damage.
=============
P.P.S. If you have any anti-hacking ideas, please post a comment or email me.
The Homa Files 
August 5, 2022 at 7:11 pm |
Hi Ken
With a 4 digit passcode you must have an old phone. At 4 digits it must be 3G.
One suggestion is get a new phone. my password code is 6 digits. 3G here in Texas won’t be supported after Jan 1 so Linda had to get a new one.
Suggestion 2 is don’t answer any text messages or emails from senders you don’t know. If you answer, they can install malware which can capture all kinds of info off your phone.
Happy to hear the bank is replacing the funds they took.
Love the columns, especially the EV discussions. This country is not prepared to convert to EV autos. The current power grids have difficulty handing current power requirements. Need new power plants if this is to happen and a conversion program.
Da Cuz
Da Cuz