• Ian Ippolito

Hackers easily stealing $ millions from investors and consumers -- using only a phone number


It took only 7 minutes for Jared Kenna to lose the nest egg he'd spent over 2 decades accumulating. As he watched in stunned horror, a hacker cleared out his PayPal account, bank accounts and bitcoin accounts as easily as flicking a switch. When it was finished, Kenna, who was an early participant in bitcoin, lost millions of dollars. He'll never see a dime of it back again.

Your antivirus won't save you here Kenna was no computer dummy and had taken all the usual precautions (antivirus, didn't click on phising emails, strong passwords, etc). But in the end it didn't matter. Even after doing everything "right", all he could do was watch his money disappear. That's because the hacker used a new cell-phone-number theft method that doesn't require the victim to do anything wrong themselves. Widespread epidemic And Kenna is not alone. Hundreds of computer savvy people including C level executives, venture capitalists, technologists and investors have been targeted and robbed by this hacking scheme.

In addition to taking money, hackers have also stolen embarrassing / confidential information from social media and online storage services and blackmailed users with it. If their demands are not met, they will post real or even fake information on social media accounts that can be damaging to the victims. According to this article from Forbes, they've also put at least one person in physical danger.

How do they do it? The scheme relies on 2 things. First, it's shockingly easy to steal someone's cell phone. And 2nd, once the hacker does this they have the keys to the kingdom. They can click on the "forgot password" feature on all financial and social media accounts, to quickly gain access to them. Here's how both of those work.

"Bad telco!" 1st, the hacker gets some readily available information about you, such as your address, phone number, birthday or last 4 of your Social Security number. Maybe they research you on social media or the Internet. Or maybe they got it from a hack of a company you do business with like Target or Equifax. Then they call the phone company and tell the customer service rep that they are you. It may not work the1st time, because the rep isn't supposed to let someone into the account without full information. But phone reps are not trained as security experts, nor are they compensated to screen every call like they are. Hackers have discovered that if they call back over and over again, eventually they get a rep who will give them access. Once they do they have your phone number permanently "ported" (moved) to their own phone. When this happens, suddenly you stop getting calls and text messages, because the hacker is getting them instead. Most people don't notice this, and it's the calm before the storm.

Raiding the vaults Then the hacker goes online to your email account, financial accounts, social media, dropbox, etc. They click on the "forgot password" link, which makes the site send a text/SMS confirmation number to your phone number to protect against hackers. However in this case the hacker owns your phone. So they confirm and take over your account. Then they quickly rinse and repeat until they own all of your online life. Kenna, lost control of 30 accounts when he was victimized.

How do I stop this? All of this is scary but thankfully there are ways to stop this. The downside is that none of them are particularly easy, and take time to set up. But then again, being victimized is not really easy either. In part 2 of this article, I'll talk about ways to stop this.

#investors #security #fraud #bankaccounts #socialmedia #cellphoneporting

0 views
About Ian Ippolito
image1 - headshot.jpg

Ian Ippolito is an investor and serial entrepreneur. He has been interviewed by the Wall Street Journal, Business Week, Forbes, TIME, Fast Company, TechCrunch, CBS News, FOX News, USA Today, Bloomberg News, Realtor.com, CoStar News, Curbed and more.

 

Ian was impressed by the potential of real estate crowdfunding, but frustrated by the lack of quality site reviews and investment analysis. He created The Real Estate Crowdfunding Review to fill that gap.

More information
Subscribe
join our mailing list
Tweets
  • White Facebook Icon
  • White Twitter Icon
  • White Google+ Icon

© 2015-2018 By Exhedra Solutions, Inc. All rights reserved. Use of this site constitutes your acceptance of it's terms and conditions.
 

Code of Ethics: I do not receive any money from any sponsor or platform for anything including guides, tutorials, postings, reviews, referring investors, affiliate leads or advertising. Nor do I negotiate special terms for myself above what I negotiate for the benefit of members. For clarity: I do receive monetary compensation in 2 ways. Site members can send donations (and a $200 donation entitles them to access my personal low-level due diligence notes on investments I've put money into). And if the club chooses to create a feeder, I take a fee as manager (and keep the excess beyond expenses). Additionally I receive the same non-monetary compensation all club members do: access to otherwise inaccessible sponsors, millions of dollars of special deals and discounts, the satisfaction of giving back and helping others, and more.

I/we are just investors expressing our opinion, and are not registered financial advisors, nor attorneys nor accountants. Always consult with your own licensed professional before making any investment decision. All information provided is personal opinion only, and does not constitute professional, financial, tax, legal or other advice.