208
Cory Doctorow gets scammed
(pluralistic.net)
This is a most excellent place for technology news and articles.
True for any company asking for anything sensitive.
I've gotten scams from my internet provider asking me if I want to upgrade my plan with a new discount. Caller ID was spoofed and it sounded pretty legit, until they started asking me about my current plan tier and price. I was like "uh, you tell me. You're the one with access to my account info." After they hemmed and hawed about that, I just hung up.
Honestly, you should be suspicious of ANY incoming calls at this point. There are convincing scams that spoof the voices of people you actually know using trained AI. It's actually pretty easy to do now, since you only need a few seconds of audio to use as a training sample. Anyone who's ever posted a video with their voice on social media can potentially have their voice spoofed. I've warned my family about this, since most of us have our voice out there somewhere.
Phone calls are dumb. SMS is dumb. Phone numbers are dumb. Phone line security is basically non-existent. It's wild that phone numbers have become the de facto ID on the internet; almost everything requires SMS auth to register now. PHONE NUMBERS ARE NOT PERSONAL IDS.
An unanswered phone is a happy phone.
Moss seal of approval.
The worst thing imo is when a form will say they need to verify your identity, so they ask you to give them a phone number you can receive a text at to do a 2fa.
...how, exactly, does that verify anything other than that I own access to a phone number that can receive a text?
SIM swapping to hijack OTPs is insane.