New security trade risk, protect yourself!

[waterholeIO]

There's a sort of new trade risk running around online. If you're using a 2FA (factor authentication), you're still vulnerable.

What does it do?:
A person that you've traded with or about to make a trade contacted you via your cell phone number. The user then takes your mobile number, calls up the phone company, and have the number ported to his own personal account. Now, your email texts the number for password recovery, when means they now have access to your email and also your other login and information (which they can do with a password reset).

What can I do to protect myself?:
Make sure your mobile phone company has a block on porting your number without your security question answered or that it can only be done in person.

[~Bitcoin~]

But how phone company gonna easily agree on porting mobile number of someone else to hackers account? actually even for small change regarding phone number campanies ask for lots of verfication here. If someone can easily hack like this only with mobile number of owner than there are lots of personal mobile number spreaded over social media accounts but i don't think what you have said is possible without any agreement from the owner.

https://en.wikipedia.org/wiki/Mobile_number_portability

[pooya87]

maybe it is just my country but you can't just call the phone company, give them a random number and say i want to port this number!!! you have to prove you are the owner and go to the freaking place and fill out forms.

besides 2FA is usually with google authentication not SMS or Email