Hey all,
There are different types of 2FA.
One type is the "send an SMS to your phone", which is being phased out as it's too easy to circumvent. The bad guys will bribe / convince a phone provider support person that your number needs to be ported to a different SIM (that they control) and there goes your phone. This has been used in America in a number of high-profile cryptocurrency heists.
Another is an app on your phone that is tied to the 2FA provider (eg: Symantec VIP, Duo MFA, Google Authenticator) and when prompted you can either enter a 6-digit number into the website or respond to a notification on your device. Trouble is, if your username and password are compromised then the bad guys can simply ask for an MFA prompt and then rely on you to press "ok" without thinking. This happens a lot more often than you would think.
As for Nik's comment about getting scam calls - most of them will be robo-diallers. Automated software that will dial hundreds of numbers in parallel and if/when someone answers, the call is routed to a scammer (or you get an automated message). Sadly, the only real option is to ignore any calls from numbers you don't recognise. Not the best option if you're expecting calls from customers!
As for the "Do not call" register, that's a total waste of time. Most of the robo-diallers and scammers are based outside Oz.
If a store asks me for a phone number I usually give a made-up one (if they won't accept "no" as an answer and there's no need for them to ever contact me) and a fake email address to go with it.
There are too many businesses with too much PII on their systems and we need to stand up and say "No" to gregarious requests for PII where they aren't required.
Now, let's get back to talking about astro! That's what we're here for!
Cheers,
V
Quote:
Originally Posted by Nikolas
Problem with 2 factor is if one is required to leave their phone number then that's more personal information that is out there.
I get enough crank calls by scammers which I ignore without furthering this
|