PREDI C TI VE I NTEL L I GE NC E
The interest in such attacks is so great
among cybercriminals that some of them
decided to sell it as a service to others.
already offer this additional security
for your number.
• Process improvement. As we
mentioned above, some processes
contain weaknesses, especially in
emerging markets. It’s important to
dissect all the stages of the process
and understand what the underlying
weaknesses are. In some countries,
there’s a thriving black market that
makes it possible to obtain fake
documents. These documents can
then be presented to operators as
proof of identity for SIM swaps.
www.intelligentciso.com
|
Issue 14
• Activate 2FA on WhatsApp. To
avoid WhatsApp hijacking, it’s of
paramount importance to activate
2FA using a six-digit PIN on your
device. In the event of hijacking,
you’ll have another layer of security
that is not so easy to bypass.
• Request your number be unlisted
from TrueCaller and similar apps.
TrueCaller is a crowdsourced phone
book. It allows people to be identified
through their mobile number. However,
as we mentioned before, fraudsters
use this tool to find out more
information about you. You can, and
should, request that your number is
unlisted from this global phone book.
Despite the fact that attacks on 2FA with
the use of tools such as Evilginx are
becoming more sophisticated, software
tokens still provide a reasonable level of
security by today’s standards. While there
is no silver bullet solution, we believe that
declaring the death of SMS-based 2FA
is the way to go. This is especially true
when it comes to online banking, social
media and email services. u
35