In the past, the loss of a cell phone at most the loss of a cell phone money.
Now, the phone is lost, not only lost, but also may carry a huge debt.
For thieves, the phone is no longer the purpose, the mobile payment in the phone is worth a fortune.
Textbook robbery of deposits, you can’t lose your phone!
Recently, an information security expert named “Old Camel” had his phone stolen, uncovering a huge loophole in mobile payments!
In just one day, his bank card, credit card, Alipay, WeChat payment, Meituan payment, Suning Finance …… were all cracked, with heavy losses.
Can you imagine? The speed of the theft gang, the technique of professional, even security experts are held down on the ground friction!
Ordinary people, that can only become the fish on the chopping block.
1
We hurry to see the criminals to the peak of the modus operandi.
It is reasonable to say that our phones have fingerprints unlocked, mobile payments are password-heavy, how do they pry open the security door?
Get to the point!
First, theft of cell phone numbers
Thieves are only the most grassroots part of the theft gang, they steal the phone will be transferred to the headquarters of technical experts at a rapid pace.
This is because the owner usually does not immediately hang up the phone number, but will first call the stolen phone to try to save.
The theft gang is to take advantage of this fleeting gap, the first Time to pull out the cell phone card inserted into their own cell phones, a casual phone call to send a text message, the theft of the owner’s cell phone number.
This is the first step to success.
The second, to obtain all the identity information of the owner
Just get the cell phone card, and can not directly open the wallet in the mobile payment.
And, in case the owner loses his cell phone number, it is not a basket case?
So, the owner’s ID information becomes the key second step.
How does it work?
The criminals fully proved their professional ability.
They opened the SSA App, clicked on the forgotten password, and selected the SMS verification code to log in, which opened the owner’s electronic social security card account.
Inside the account, ID card numbers, social security financial cards and other bank card information are all available.
Cell phone number + ID card information in hand, from then on all the way to the green light.
Third, anti-loss
After the owner “Old Camel” realized that his cell phone was stolen, he quickly lost his cell phone number and started a series of rescue measures, such as
He began a series of rescue measures, such as: transferring all the current balance in the cell phone bank, contacting several banks to freeze the debit and credit cards, transferring the funds on Alipay and WeChat, and deleting all the bound credit cards ……
However, he soon found out that he had met a master.
That night, the criminal gang secretly unhung the cell phone number.
In our thinking, the unhooking needs to personally take the ID card to the business office.
In fact, a phone call can be solved.
The reason is that the criminals get the cell phone number and ID card number, just make up a “husband and wife quarrel” reason, you can lift the lost state.
This means that the criminals have already figured out the telecommunications business process before committing the crime.
Fourth, unlock the phone, login WeChat Alipay
We said above, with the cell phone number + ID card information can be green light all the way, the next step is to unlock the phone.
Criminal gangs first call the mobile operator customer service, modify the service password, and then with the SMS verification code, you can change the password of the cell phone manufacturer, and finally unlock the screen and enter the phone.
What many people thought was a steel line of defense was easily broken through.
After opening the phone, they were able to log on to WeChat and Alipay and squeeze the owner offline.
Fifth, the concealment of the sea, successful cash
As mentioned above, the owner “Old Camel” is a security expert who has been working for more than ten years, and he transferred the money out of the mobile app at the first time, and also unbinded it from his bank card.
However, the criminal has already seen through everything.
We all know that a person can have two Alipay, criminals seized this point, using the owner’s cell phone number and ID card to register a new Alipay.
The owner has already frozen his bank card, so how can he do that?
The wise man has a thousand thoughts, there must be a loss.
We all have this experience, early years to do a lot of bank cards, some lost, some can not be found, forgotten these cards naturally can not think to freeze.
In addition, the owner of the credit card bound to the ETC, if frozen, high-speed can not get on, so he kept the credit card.
As it happens, these two loopholes are all caught by the criminals.
All they need is the cell phone number + ID number, and a check on software such as Card Class Manager, they can find out all the debit and credit card accounts of the owner.
They use the missed credit card to bind the newly registered Alipay, set a payment password that even the owner doesn’t know, and then they can swipe your card.
Of course, in the case of “Old Camel”, Alipay’s risk control system automatically identified the criminal gang’s abnormal operation and blocked the transaction.
But third-party payments are not only Alipay, there are also Jingdong White Strip, Meituan Payment, Baidu Wallet, Suning Financial, 360 Debit …… dozens of payment institutions.
In order to facilitate the pulling of new, they all launched a quick card tie, just an ID number + SMS verification code, you can easily bind your bank card.
It doesn’t matter if you don’t have money on your bank card, there is a whole lot of online lending.
In fact, the criminals are the third party APP to tie the card, use the name of the owner to apply for loans, and then through the purchase of virtual card coins and network recharge successfully cash.
This means that even if you transfer the money out, you still can’t escape from the debt that falls from the sky.
2.
A new round of property security risks are coming!
There is a fact that you may not know, “Old Camel” is just the tip of the iceberg among the victims of cell phone theft and bank card skimming.
At present, the national cell phone Internet users are close to 1 billion, and the theft phenomenon triggered by lost cell phones is becoming a new round of property security hazards.
In September 2019, Shanghai cracked the country’s first big case of stolen cell phones and swiped bank cards, and since then, this new crime has officially surfaced.
At that time, the police suddenly received a number of reports of credit card theft, and upon investigation, it turned out that all the victims’ cell phones had been stolen in Sichuan.
The criminal gang first unlocked the phone after stealing it, then used the SIM card to find the owner’s ID card and bank card information on Ctrip, then used the identity information to call the operator to change the cell phone service password and gained control of the phone.
The owner then used his identity information to call the operator to change his cell phone service password, gaining control of the phone. Only after the owner replaced his cell phone number did he discover that his bank card had been looted.
Compare to the “Old Camel” case, it’s really the same technique and the same recipe.
Last year, on the National Day, a man in Guangxi had his cell phone stolen and 120,000 yuan disappeared in half a day.
The criminals used the same method to crack his cell phone password and payment password, and then bought 25 Apple and huawei phones in Jingdong, all using Extreme Speed.
When the police arrived at the delivery address, the building had long since been empty.
360 has a statistical data, only in the first half of 2020, 360 received 1,561 reports of cell phone theft, the per capita loss of more than 10,000 yuan.
There is no doubt that at a time when mobile payments are highly convenient, cell phones have become the most coveted fat for criminals while becoming property cabinets.
3.
Repeat: 1 billion people’s property security war
The professional methods of criminal gangs make people think carefully.
In retrospect, let’s review their textbook methods.
First, front-line thieves squatted and selected specific groups of people to steal cell phones and forward them to technical Specialists.
They choose the business hall after work, the owner can not replace the card slot phone unhooked cell phone number, which gives the team to buy a full night of crime time.
Next, the technical specialist is responsible for stealing ID cards and bank cards, modifying the cell phone vendor’s password, unlocking the owner’s phone and seizing the initiative across the board.
Immediately after, they enter the phone and transfer all the balances of bank cards, WeChat and Alipay.
Finally, if there is no money inside the phone, then they use the identity of the owner to register an online loan account and bind the bank card.
After the successful loan, they either cash out by buying virtual card coins, or directly go cell phone bank transfer.
Did you find that in this process, the criminal gang did not point a gun at anyone, they used the normal business operations throughout.
What does this tell us?
It shows that cell phone payments, mobile payments inside the hidden huge loopholes, such as unlocking the screen, convenient card, verification code login, etc., these extremely important barriers and operations, as long as the phone is lost, immediately all fallen.
This throws a question to the rule makers.
When designing mobile payments, is security important, or is convenience first?
For them, it’s worth reflecting and rethinking.
So what should ordinary people pay attention to?
First, the phone should not only set a screen saver password, but also a SIM card password, so that criminal gangs have no way to pull the card off and continue to use it.
Second, the phone is stolen do not have illusions – the first time to lose the phone card. We said at the beginning, the phone lost can buy again, but the identity information leaked, the entire Family run naked.
Third, do not leave ID and bank card photos inside the phone.
Fourth, usually do not use the bank card as far as possible to cancel, freeze the bank card, be sure to freeze all, do not leave any opportunity for criminals.
Recent Comments