Landline scam

[Arborbridge]

re the idea that pressing the wrong button on a smartphone can get you 'infected'

is it the phone itself that gets infected or is it the SIM card that gets the bug?

ie
if 'caught' does it resolve by putting the SIM into a different phone and dumping the phone?

Give an example of what you mean by "infected" by pressing the wrong button. Otherwise it's a baseless scare story.

Scott.

Scare stories are around, of course, but I find your attitude surprising. Surely it is healthy to question everything with regard to phone security, and if someone does not feel happy about this medium, who are you to pontificate? What have you to gain by pushing people into corners demanding concrete cases, when all they are saying is we don't entirely trust mobiles and we are going to be careful?
Being careful when dealing with the internet seems emminently sensible to me - there are many dangers and tricks both with mobiles and landlines and we should always be cautious, and encourage those who are not to be more so.

Arb.

[Arborbridge]

I've heard a few anectdotes about people clicking icons and ending up subscribing a monthly fee to things they did not intend. What nonsense, I thought - how can that happen?

At least a couple of times (very few, but a measurable number) over the years I have accidentally clicked on an icon. This happens for various reasons, but I believe the common one for me is when you go to touch the screen at some place and simulataneously the page updates, so the point at which you press is now something new - such as an icon or link to something else unintended.

By the grace of God I've gotten* away with it, but one day I may not.

These are your icons. What harm do you think would come if you accidentally pressed one?

Scott.

Sorry, not my icons - links which pop up.
Here you are again opposing someone who has just related how it is possible to get linked through to a scam. You sound like are in denial

[swill453]

Scare stories are around, of course, but I find your attitude surprising. Surely it is healthy to question everything with regard to phone security, and if someone does not feel happy about this medium, who are you to pontificate? What have you to gain by pushing people into corners demanding concrete cases, when all they are saying is we don't entirely trust mobiles and we are going to be careful?
Being careful when dealing with the internet seems emminently sensible to me - there are many dangers and tricks both with mobiles and landlines and we should always be cautious, and encourage those who are not to be more so.

Caution is sensible, paranoia isn't.

Propogating hoax scares like "don't press 1 or it'll cost you hundreds" (not accusing you of this) is in itself harmful and achieves the malignant aims of the originator.

Scott.

[swill453]

Sorry, not my icons - links which pop up.
Here you are again opposing someone who has just related how it is possible to get linked through to a scam. You sound like are in denial

It's an education process. Pressing 1 on a phone call isn't harmful. Pressing a random link could well be harmful. Learning the difference is good.

Scott.

[Mike4]

On a related subject, the programme "You and Yours" yesterday on BBC R4 hard an article on a mobile phone risk. Reading between the lines I think they were saying scammers have found a way around the "2 Factor Authentification" (2FA) we are being encouraged to used by banks etc. The second authentification being a code or number sent to our mobiles to confirm we are wh we say we are, when logging into the bank website.

What seems to happen (and I haven't thought this through in detail) is the scammers acquire some personal data about you which used to let them get access to your accounts, but no longer due to 2FA. But the thing is, they can use this same personal data to impersonate you and approach your mobile phone provider to port your number to a new SIM. If they succeed, they transfer your mobile number to a phone of their own and now have control of the 2FA. You'll get a text telling you but people ignore this thinking it is a mistake because they didn't initiate the phone number transfer. Next thing is their mobile stops working because the scammers have transferred the number to their own phone and are now logging into their bank or trading account to clear it out, as the 2FA used by the bank to make sure it is you is now being sent to the scammer's phone and them scammers are confirming their identity!

So, bottom line is, should your mobile phone unexpectedly stop working with any sort of 'invalid SIM' error, treat it seriously and with urgency as you may be about to be a victim of this 2FA fraud.

[88V8]

....having just read "Which" I realise my four-year old expensive smartphone software is now not being updated so is possibly even more open to hacking.

This surely is a scam hiding in plain sight.

In what way can it be remotely moral or indeed legal to sell someone an appliance and then deliberately obsolesce it just 3-4 years later. And the mug owners just respond 'oh yeh' and go buy a new one.

Perhaps if some of yoof's outrage were directed at this scam, nanny govt might do something about it.

V8 (no mugphone)

[UncleEbenezer]

On a related subject, the programme "You and Yours" yesterday on BBC R4 hard an article on a mobile phone risk.

You and Yours (among others) have been reporting that wheeze for many years, going back before "2FA" became common parlance.

Indeed, I think they once reported a victory when one bank stopped using that particular 2FA after some cases.

[xeny]

Yes, you are right. If you buy a smartphone the experts suggest as a user you will have to be more careful than you need to be on a landline. One rash press of a "button" on the smartphone could lead to trouble! And sometimes it isn't immediately obvious that your phone has been infected.

Be aware there's a world of difference between "buttons" in the phone app, and the various soft icons and links that other application on a smartphone may present.

You're hard pressed to compromise a smartphone via a voice call.

Compromising the user so they then do something the attacker desires in an application on the phone is little different to a phone call that uses social engineering to get you to install a remote control application on your home computer.

[XFool]

On a related subject, the programme "You and Yours" yesterday on BBC R4 hard an article on a mobile phone risk.

You and Yours (among others) have been reporting that wheeze for many years, going back before "2FA" became common parlance.

Indeed, I think they once reported a victory when one bank stopped using that particular 2FA after some cases.

OTOH, for balance, Money Box was recently hosting 'complaints' about the NS&I site not using 2FA for logon.

[1nvest]

Had a attempted scam call this morning. Virgin Media (which we have), Indian accent (in keeping with Virgin Media outsourcing their help desk to India), suggesting that my IP had been hacked, by someone in the US.

"Oh!"

Had I clicked any adverts ..etc.

"Yes"

Could I get my PC/tablet/phone ready.

"No, I haven't one to hand"

Could he call back later when I had one to hand.

"Can you tell me my postal address?"

... call ended.

Dialed 1471 ... and it was a outer London (local) 0208 ... number.

Guess I should have strung them along more ... can you open Windows ... yes, but its rather cold now

Should I report their number and activities? If so who to?

[Howard]

Yes, you are right. If you buy a smartphone the experts suggest as a user you will have to be more careful than you need to be on a landline. One rash press of a "button" on the smartphone could lead to trouble! And sometimes it isn't immediately obvious that your phone has been infected.

Be aware there's a world of difference between "buttons" in the phone app, and the various soft icons and links that other application on a smartphone may present.

You're hard pressed to compromise a smartphone via a voice call.

Compromising the user so they then do something the attacker desires in an application on the phone is little different to a phone call that uses social engineering to get you to install a remote control application on your home computer.

Yes, I agree. If you read the OP to which I was replying you will see that it was from a poster who stated that he had never owned a smartphone and was considering buying one. The thread was taken away from this important point. I wasn't suggesting that a phone call on a smartphone was dangerous per se. But surely you'd agree that the dangers of someone using their first smartphone are far greater than pressing the wrong key on a landline phone. One is a computer and the other is fairly dumb electronically. Hopefully you'd also agree therefore that someone who has never ever used a smartphone needs to be advised to take care and treat it differently from a landline phone?

regards

Howard

[xeny]

Hopefully you'd also agree that someone who has never ever used a smartphone needs to be advised to take care and treat it differently from a landline phone?

Certainly. I'd argue the risk is least (near negligible) when the device is being used as a landline phone substitute though. The rest of the time it is a computer and trouble comes from it not being regarded as such.

If you buy a smartphone and get a similar call or message, pressing a number or icon on your phone could expose you to the beginning of the download of a bot or similar malware leading to an expensive or time wasting outcome to get rid of it.

Using a smartphone as a phone makes this unlikely/difficult. The phone app typically can't launch applications. Text messages with URLs in them are certainly a risk (although also potentially useful - that is how my GP is organising web based booking for vaccination appointments), but in the context of the comparison with a landline the discussion is purely about voice messages, and there the risk is far more about social engineering than it is about the phone being a smartphone.

If phone call that makes you do something foolish on a computer ii is immaterial if the computer is a discrete device or combined with the phone (or consider a VOIP handset hooked up to a computer for another possibility).

Similarly it strikes me as equally foolish to buy a laptop/PC as to buy a computer integrated into a phone without considering the security patching policy of the manufacturer.