So first and foremost, we need a change in the way consumers look at services

  1. How Convenient the service is
  2. How convenience impacts security

Short and sweet of it is, if something makes your life substantially easier for you, it makes your life substantially easier for someone else.

So when you are setting up an online service, if something comes up in a set up wizard that makes security convenient, you need to research it.

We will see why now

What a Consumer can do to prevent it

Now the issues from the last page we have 3 points of access to your account

  1. I stole your phone
  2. I remotely use your voicemail on your phone to forward your calls
  3. I access your mobile phone online account to forward your calls

So, how do we fix all 3 of these issues really simply?

In the account recovery options for your email, you will see 2 options

  1. Recover password by email
  2. Recover password by phone

If you have “Recover Password by Phone” delete it.

If you have “Recover Password by Email” then make sure this is not an email that you access from your phone.

That’s it, job done.

Those same recovery options are used to bypass 2 step authentication by virtue of resetting the password and prompting a pin via other means.

While you are there, you can prevent some other issues not covered here by making sure your

  1. phone has a lock,
  2. your voicemail has a lock (if it can be accessed remotely, usually gets set up when you go on holiday) or that you do not allow remote voicemail access.
  3. That your mobile phone online account uses a decent password.

Now if you use two step authentication, or even you don’t, I cannot easily bypass all security to get access to your life, virtual wallet and everything in it.

You mobile telephone is the least secure thing you own, the only thing less secure than the physical device is the telephone number associated with it.

Don’t use telephone numbers for secure authentication.

It is only secure by assumption, not reality.

Right, nice and simple that one, on the next page we look at what the industry can do about it.

Previous PageNext Page

Back to How I Would Commit Cyber Crime