Cybersecurity is like a game of whack-a-mole. As soon as the good guys put a stop to one type of attack, another pops up.
Usernames and passwords were once good enough to keep an account secure. But before long, cybercriminals figured out how to get around this.
Often they'll use "brute force attacks", bombarding a user's account with various password and login combinations in a bid to guess the correct one.
To deal with such attacks, a second layer of security was added in an approach known as two-factor authentication, or 2FA. It's widespread now, but does 2FA also leave room for loopholes cybercriminals can exploit?
2FA via text message
There are various types of 2FA. The most common method is to be sent a single-use code as an SMS message to your phone, which you then enter following a prompt from the website or service you're trying to access.
Most of us are familiar with this method as it's favoured by major social media platforms. However, while it may seem safe enough, it isn't necessarily.
Hackers have been known to trick mobile phone carriers (such as Telstra or Optus) into transferring a victim's phone number to their own phone.
Read more: $2.5 billion lost over a decade: 'Nigerian princes' lose their sheen, but scams are on the rise
Pretending to be the intended victim, the hacker contacts the carrier with a story about losing their phone, requesting a new SIM with the victim's number to be sent to them. Any authentication code ..
Support the originator by clicking the read the rest link below.
