Protecting your money is as important as growing it.
Imagine you check your Instagram account and discover you’re locked out. You attempt to reset the password but are denied. You check your email and see a series of messages indicating that your account password was changed, along with the phone number associated with your account. Worse still, you check your phone and it’s offline. No signal, no bars. The last email you read is from an address you don’t recognize and simply says, “You’re f**cked. Try and get your Instagram account back and I’ll post your personal info all over the web”.
You stop to catch your breath before checking your bank account.
What Just Happened?
To truly comprehend what is going on, you have to understand an online world that runs in the background of how most of us use the internet day to day. It is a world that includes terms like OG handles, doxing and hype beasts. Ask many teenagers and they are already familiar with all of these terms. The rest of us just got a whole lot older.
In the example above, you’ve most likely been a victim of a SIM Swap. A hacker has used personal information gathered using any number of means to obtain a new phone and SIM card with your phone number. Using that new phone, your email address and some basic information, he has been able to take control of less secure apps on the device by requesting new passwords via the two-factor authentication process. If you have a common password or have compromised data from a data breach, he may also gain access to more secure apps, including your banking information.
How Do Hackers Get Their Information?
There are multiple ways for hackers to access your data that are even easier than a SIM card swap, including:
1. Existing online data: There is an abundance of information about us on the web. This can range from name and address, to old tax records, our siblings and more if you know where to look.
2. Hacking: There are numerous ways to get someone to provide sensitive information about themselves, such as simple phishing emails and phone calls. Also, using a basic script and a list of the top 1000 passwords, hackers can easily access your personal accounts if you are lax in your choice of password.
3. Buying it: There have been numerous large-scale data breaches over the years, including the most recent involving 500 million guests of the Marriott hotel chain. This data can be bought and sold on numerous sites on the dark web (e.g. Dreammarket) for as little as $10.
It is important to realize that while this data may not reveal the specific password(s) a hacker is looking for, discovering one password can yield a huge payday, as many people use the same password for multiple platforms. This data can also be used for duping unknowing customer service reps into providing password resets for other platforms.
Note: There are resources to check if your accounts have been compromised, such as https://haveibeenpwned.com/.
Once a hacker has enough information, they contact phone carriers and attempt to have a new phone issued to them with your number. Taking control of your phone circumvents the two-factor authentication set up as a safeguard to protect accounts if the user’s login and password are compromised. What a hacker can do once they have control of your phone and your accounts is scary. This can include requesting new credit cards, making unauthorized wire transfers, opening new credit card and bank accounts, taking over your social media accounts, accessing any cryptocurrency accounts and more.
Hackers also have the ability to wreak havoc on your life and will threaten to do so if you try to regain control of your accounts or report them. These threats can range from “Doxing” (i.e. publishing all public and private information about you online) and “Swatting” (calling in fake police reports to your house) to transferring home ownership and outright extortion.
OG Handles
Some hackers are interested not in your banking info, but instead in something that can be even more valuable, like your social media account username. Just like collectible sneakers and sports jerseys, special social media usernames (or “handles”) are bought and sold online for huge amounts of money (from hundreds to the hundreds of thousands). The simplest and coolest handles (e.g. “Twitter/A” or “Instagram/Dragon”) are extremely sought after, as they are thought to be powerful for branding purposes and attracting large user followings. These are referred to as “OG Handles”, as in “original” or “original gangster”. Social media platforms do not condone this type of behaviour, so most trading is done clandestinely on sites such as OGUsers.com.
Celebrities, sports figures and corporations may all be buyers of these unique and desirable online assets. Many of these handles are bought as vanity gifts to win favour with girls by offering them a premium social media handle (Take that, Ryan Gosling).
How to Hack a Bank Account
This information is provided for individuals to better understand how hackers gain access to accounts.
1) Search the web for available data and buy hacked private data online. If you can locate any user’s passwords, be sure to try them in multiple applications. Open a Bitcoin account to transfer funds.
2) Learn coding or ask a coder to write you a basic brute force (trial and error) password hacking script for the account you are trying to access.
3) Once you have some basic information, reach out to various phone companies and request a new SIM card and phone for the designated phone number using all available information. If you know of a connection you can pay off, even better.
4) Once phone is connected, download all apps and send requests for new passwords – be sure to have all available information on hand. Work quickly – platforms may revert back once users realize what has happened.
5) Send email to hacked account and threaten terrible things if they try and get their accounts back.
6) Quickly transfer bank account dollars, order credit cards, and sell any cool OG handles.
Protecting Yourself From Hackers
Ask any bank-robbing baby boomer and he’ll tell you that back in his day, if you wanted to rob a bank you had to work for it. But that was then, and the benefits of the digital age are not the sole property of the good.
Hackers aren’t just super tech geniuses overseas. Many are bored teenagers, looking for kicks and easy cash to buy drugs and designer-label goods to impress others (these are known as “Hype Beasts”).
Understanding how hacking occurs and following some basic best practices can help ensure you don’t become a victim. The good news is that there are a number of ways to help guard against this.
1. Ensure your passwords are not among the most common and that you follow standard best practice protocols (upper and lower case, numeric, etc).
2. Add a passcode to your cell phone account – this is separate from your logon and password and must be used when porting your SIM card from one phone to another.
3. Use separate passwords for your banking and social media accounts – ensure the passwords are different and follow the rules of good password creation.
4. Switch to a Voice over IP (VoIP) number, which is SIM card-less, to link to accounts you consider vulnerable. An example of this is a Google Voice number. You must protect this number and password as well, but as it is SIM card-less, you don’t need to worry about a SIM swap.
5. Purchase a USB-based physical token like the YubiKey or Google Titan security key.
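Items 1 and 3 above can be checked mechanically. The following is an added example, not part of the original article: it flags passwords that are common, that appear in breach data, or that are shared between a banking and a social account. The breach lookup follows the "SUFFIX:COUNT" range format of the Pwned Passwords service run by haveibeenpwned.com, where only the first five characters of the SHA-1 hash are sent; here the lookup is stubbed with constructed data so it runs offline, and all account names, passwords and counts are made up.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins: a tiny "most common passwords" list and breach counts.
COMMON = {"123456", "password", "qwerty", "letmein", "dragon"}
BREACHED = {"dragon": 1000, "Summer2018!": 42}

def range_query_parts(password):
    """Split the SHA-1 hex digest: 5-char prefix to send, 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find the password's suffix in a 'SUFFIX:COUNT' range response body."""
    _, suffix = range_query_parts(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fake_fetch(prefix):
    """Offline stub for the range lookup, built from the constructed BREACHED data."""
    lines = ["0" * 35 + ":1"]  # decoy entry that matches nothing
    for pw, n in BREACHED.items():
        p, s = range_query_parts(pw)
        if p == prefix:
            lines.append(f"{s}:{n}")
    return "\r\n".join(lines)

def audit(accounts, fetch_range):
    """accounts maps name -> (category, password); returns name -> list of findings."""
    findings, categories = defaultdict(list), defaultdict(set)
    for name, (category, pw) in accounts.items():
        categories[pw].add(category)
        if pw.lower() in COMMON:
            findings[name].append("common password")
        if breach_count(pw, fetch_range(range_query_parts(pw)[0])) > 0:
            findings[name].append("seen in breach data")
    for name, (_, pw) in accounts.items():
        if {"banking", "social"} <= categories[pw]:
            findings[name].append("shared between banking and social")
    return dict(findings)

# Constructed sample accounts (hypothetical names and passwords).
ACCOUNTS = {"bank": ("banking", "Summer2018!"), "instagram": ("social", "Summer2018!"),
            "forum": ("social", "dragon"), "email": ("email", "T7#vq-plum-Rocket-91")}

if __name__ == "__main__":
    print(audit(ACCOUNTS, fake_fetch))
```

To run it against real data, replace `fake_fetch` with a function that requests the range for the given prefix and returns the response text.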
Links and Resources
“No Reply” Podcast #130 – The Snapchat Thief (An awesome podcast series)
https://www.gimletmedia.com/reply-all/130-lizard
Articles on SIM Swap Fraudsters and OG Handles
https://selified.com/its-time-banks-face-up-to-the-sim-swap-fraudsters/
https://www.thesouthafrican.com/sim-swap-scam-heres-what-you-need-to-know/
https://www.theguardian.com/technology/2018/apr/17/selling-twitter-handles-big-business-identity
https://motherboard.vice.com/en_us/article/j5bpg7/sim-hijacking-t-mobile-stories
https://www.digitaltrends.com/mobile/sim-swap-fraud-explained/
Search across multiple data breaches to see if your email address has been compromised.
https://haveibeenpwned.com/
How to Port Your Number to Google Voice
https://www.cnet.com/how-to/how-to-port-your-landline-number-to-google-voice/
Photo by Santeri Viinamäki, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=53153294