I had a recent issue with 2FA in which the use of 2FA (demanded by banks in Canada) resulted in having $27,000 stolen from my account through forced cellphone number porting.
In this forced porting, a person pretends to be you and requests that your cell phone provider ports your number to a new provider. Once they do this, then the fake you is able to put the new sim card (with your cell phone number) into a burner phone and then access your bank accounts (or anything using 2FA) by use of the 'forgot password' function which defaults to sending you a 2FA code to your phone number (which the fake you now has). Using this code, the scammer is able to access all of your bank accounts and move money or buy things using your online accounts.
Fortunately, I was able to secure the breach quickly enough and lock down the number (which, working as quickly as I could, took 28 hours). The banks were amenable and held processing transactions, but not before $27k had gone missing. It took several months to get all of the money back.
|