top | item 15027299

(no title)

bitmover | 8 years ago

A hacker stole my IG account. They found my phone number then called AT&T in the dead of night and convinced them to forward my number to a Google Voive account. Then they contacted my web host and used the number to verify it was “me”. From there they had everything they needed.

discuss

misiti3780|8 years ago

That is terrifying. How can you prevent someone from being able to do this?

tyingq|8 years ago

Maybe don't submit your cell phone number as your official contact? Submit a number that is less prone to social engineering changing it, like a VoIP provider number that has no live human support.

bitmover|8 years ago

I don’t know how they got my number. AT&T said I should have a verbal passcode one the account AFTER the damage was done. That would have been helpful for them to mention when I set up the account. Or you could buy a prepaid burner and use that.

ryan-koch|8 years ago

If you use 2FA through an app instead of receiving text messages (assuming the service in question supports this) that would limit the ability to use the social engineering angle.

Rjevski|8 years ago

A proper mobile provider. Failing that, don't use your phone number for anything security-related (no SMS 2FA, etc).