Can the verification code take out the money in the bank card?

Your description is relatively simple, but now there is a new type of scam, which can transfer the money in the bank card through the verification code. 20 18 is an example: a netizen @ an old man fishing in Leng Jiang-Xue posted in Douban that he woke up in the early morning and found that his mobile phone had been receiving the verification code. There were more than *** 100 pieces from Alipay, JD.COM, banks and so on. Later, it was found that the money of Alipay and related bank cards had been transferred away; JD.COM opened the function of gold bars and white bars, and borrowed more than 10,000 yuan. According to the police, scammers can obtain the short message content of users' mobile phones in real time through this new technology, and then use the technical loopholes and defects of major well-known banks, websites and mobile payment apps to realize crimes such as information theft, fund theft and online fraud. But this is mainly because the owner leaked other important information of himself, so he must protect his personal information, especially his mobile phone number, ID number, bank card number and SMS verification code.

The technical crime of "pseudo base station" is divided into the following four steps:

1. Based on the GSM communication protocol under the 2G mobile network, criminal gangs modified and optimized the open source project OsmocomBB, and assembled it into a portable and easy-to-use SMS sniffer device to be used with special mobile phones.

2. Obtain the number of potential mobile phones in a certain range through the number collection equipment (pseudo base station), then log in through the "SMS verification code login" on the login interface of some payment websites or mobile phone applications, and then sniff the SMS by using the SMS sniffing equipment.

3. Query the target's mobile phone number through a third party payment, match the corresponding user name and real name information, and use this information to obtain the target's ID number from the social workers of relevant governments and medical websites, or obtain the target's bank card number through illegal means such as the social work library of the black production company. From this, we can grasp the four major items of the target: mobile phone number, ID number, bank card number and SMS verification code.

4. Through the four pieces obtained, various malicious operations such as registration/binding/unbinding, consumption, micro-loan and credit deduction are carried out. Payment or loan related to the flow of funds to achieve the goal of theft or credit card fraud.

However, the above four steps are only basic principles. Attackers may even interfere with nearby cell phone signals, turn 4G into 2G signals, and then steal SMS messages.

This attack is divided into the following four levels:

1, pseudo base station spam message.

2. Sniff GSM messages.

3. Downgrade the mobile phone from 3G/4G to 2G.

4.3G/4G man-in-the-middle attack.

Because ordinary SMS sniffing technology only obtains SMS at the same time and cannot intercept SMS, criminals usually choose to commit crimes in the middle of the night, because the victim is sleeping at this time and will not notice abnormal SMS.

Although this technique is difficult to guard against, don't worry too much. @ Jiangning Public Security Online said that at present, in addition to SMS verification code, most payment and bank apps often have many secondary verification mechanisms such as picture verification, voice verification, face verification and fingerprint verification.

In addition, if only the verification code is leaked, the problem is not big. Most of the recruited users revealed other important identity information, such as ID number, so the overall success rate of committing crimes is not high.

: How to prevent brush theft

1, usually do a good job in protecting sensitive private information such as mobile phone number, ID number, bank card number and payment platform account number;

2. The simplest trick is to turn off the phone or set the flight mode before going to bed. Without a signal, the SMS sniffer can't get your mobile phone number;

3. If you get up in the morning and see a strange verification code short message, you will definitely think that you may have encountered a short message sniffing attack, and quickly check your bank card and payment application. At this time, if the money is found stolen, freeze the bank card and call the police.

4. If you suddenly find that the cell phone signal has changed to 2G, you should immediately realize that you may be experiencing such an attack and take the above measures to protect yourself.

5. According to netizens, the security functions of some bank apps can prevent this, such as opening common equipment management and setting up non-trading at night.