AN ALARMING phishing scam has emerged that allows hackers to drain your bank account by taking control of your mobile phone contract.
The hack, which featured on the BBC’s Watchdog programme last night, exploits the new rules over transferring your phone to a new provider.
By falsely requesting a PAC code (the code that allows your new provider to take over your phone number), which can now be done online, by simply logging into your current provider’s account, hackers can take control of your phone line on a different handset and use it to intercept SMS messages containing one-time passwords used to authorise telephone banking.
As we were preparing this story, it came to light that the latest victim of the scam is frugal celebrity chef Jack Monroe who tweeted:
Hi. I’m living in a literal nightmare right now. My phone number has been stolen (ported PAC code, fuck Wikipedia having my fucking birthday on it!) And the last six months earnings have been cleared out of my account – my security, my bounce, my mental health all shot to shit /1
— ☘️🇨🇾Jack Monroe (@BootstrapCook) October 11, 2019
adding:
It seems my card details and PayPal info were lifted from an online transaction. Phone number was ported to a new SIM, meaning crims access/bypass authentication and authorise payments.
I’m an autistic, methodical, ruthless investigator, and I have a LOT of info to go on.
— ☘️🇨🇾Jack Monroe (@BootstrapCook) October 11, 2019
Monroe adds that all this has happened despite her using ‘gobbledegook’ passwords and two-factor authentication (2FA) on her accounts.
BBC Viewers last night were warned that if you are using SMS for your 2FA, you must use other security too. Banking regulations have already been updated to reflect this advice, but not all banks have put the arrangements in place as yet.
If you’re worried it could be you, try sending a text to yourself. If you don’t receive it, it might be time to check with your provider that all is well. µ