[180246] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Fri May 29 07:18:12 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <CADb+6TAH4DcQjtHzFHwmxqNL8VWg_f4NfcgDOewsfSta1jnD2Q@mail.gmail.com>
From: Jimmy Hess <mysidia@gmail.com>
Date: Fri, 29 May 2015 06:17:43 -0500
To: Joel Maslak <jmaslak@antelope.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Wed, May 27, 2015 at 8:42 AM, Joel Maslak <jmaslak@antelope.net> wrote:
> I also suspect not every telco validates number porting requests against
> social engineering properly.
What national wireless provider _does_ validate porting requests
against social engineering?
As far as I knew, as soon as the gaining provider receives the filled
out online form or written form, with the billing address, Or copy
of a bill from the old provider printed off from the losing
provider's web portal signed off with a forged signature from the
scammer (All information that can be derived through pre-texting or
social engineering), The gaining wireless carrier can proceed, and
will proceed with a simple port without having to call the number for
approval.
The sufficiently evil scammer will have the wireless number ported to
their pre-paid cell phone within 48 hours, and be ready to receive
insecure SMS message from the target's online banking service to
confirm the second factor for login.
--
-JH
