Imagine swiping your credit card at the gas station or grocery store, and having the clerk tell you the transaction was declined. Your heart would probably skip a beat as you began to panic.
Things would only get worse once you realized that your card was declined because someone had drained your account. And that’s exactly what can happen if a hacker exploits this newly-discovered security flaw.
A global telecom network named Signal System 7 is used by banks around the world to communicate with customers. However, a flaw has been identified that allows hackers to intercept security code information that’s being sent to bank customers.
You’ve heard us mention two-factor authentication before, and it’s typically something that adds an extra layer of security to your login credentials. In this case, however, the codes being sent by your bank could be stolen, allowing hackers to access your account.
The security flaw comes from the fact that most banks send these access codes via SMS messages or text messages.
Reports of this particular hack first arose in Germany, where hackers were successful in their attempts to steal funds from numerous bank accounts. Although it’s currently not known how many customers were affected, the fact that these crooks were able to pull this off is quite alarming.
Fixing the problem
Unfortunately, there’s nothing that the average person can do to patch this security flaw, or even ensure that their bank is not affected. Due to the nature of this SS7 system, the issue will need to be fixed by the FCC and telecommunications industry.
What’s even more alarming is that these two parties don’t seem to be all that concerned about your security. If it had only been a few weeks or months since the issue had been brought to their attention, that would be one thing. But researchers discovered and reported the SS7 flaw back in December 2014!
According to reports, the FCC was warned at that time of the serious threats this gap presented. Officials were told that the exploit could be used to locate mobile users, listen in on their calls and intercept all their messages. Still, nothing has been done to solve the problem.
But just because the ultimate solution lies out of your hands, doesn’t mean you should turn your back on this threat. There are things you can do to reduce or eliminate the risk of being affected – and they’re things you should be doing regularly, not just during a crisis.
Right now, it’s a good idea to change the password for your bank account, and any other account where you use two-factor authentication. The good news is, for this scam to work the hackers would also need access to your username and password. Just be sure to avoid these password mistakes that will likely get you hacked.
Check to see if your information has been stolen
Hackers exploiting this vulnerability must also have access to information such as your username, account number, email address, social security number and password. Much of this information comes from data that’s accidentally leaked by the companies you trust and do business with. Remember the massive Yahoo breach? Or how about the breach at LinkedIn? Millions of people had their personal information exposed by lackluster cybersecurity at these companies.
If you’re unsure whether or not your information has been compromised, there’s an easy way to find out. A site called Have I Been Pwned will let you know if your private data has been stolen. Click here for more details on how this site works.
Safeguard the answers to your security questions
Recently, we warned you about a survey spreading around on Facebook that you should avoid at all costs. The survey seems innocent enough – it asks you to list 10 concerts you’ve attended – but answering this question is riskier than you might realize.
That’s because one of the most common security questions asked is “What was the first concert you went to.”
Answering this survey, and others like it help thieves piece together the information they need to access your online accounts. Don’t do it! Click here to see five pieces of sensitive information you should never share on Facebook.