Why confirmations via SMS do not prevent crypto thefts!

in #security · 7 years ago (edited)



A few days ago, Michael Terpin, founder of BitAngels, a group of investors in crypto companies, had no less than 24 million dollars in crypto assets stolen.


Terpin's case drew attention because he filed a multi-million-dollar lawsuit against AT&T (the second-largest US cell phone operator), asking for the $24 million back plus $200 million in compensation.

He alleges that the theft was made possible by a painfully common fraud in the cell phone world called "SIM swap": the fraudster pretends to be the legitimate owner of the line and persuades the carrier to move the phone number onto a new SIM card (the "chip") that the fraudster controls.

From that moment on, the fraudster receives your SMS messages, including the notifications and login confirmation codes that your crypto exchange or bank sends by SMS. The fraudster can also take over your WhatsApp account, which is tied to the phone number, and sometimes has the audacity to message your friends or family through it asking for money, making them think the request comes from you.

It will be interesting to follow Terpin's case: if he wins, it will set a huge precedent for holding phone carriers responsible for their users' security failures. In the meantime, you can avoid becoming the next victim by adopting the following practices:

  • If your exchange confirms logins by email or SMS (in addition to username and password, of course), stop what you're doing and learn about Google Authenticator (GA).
Briefly, it is a system that generates "one-time passwords", in the form of a numeric code, that change every 30 seconds. The beauty of it is that GA computes these codes without using the internet: they are derived from a secret shared with the site when you scan the enrollment QR code, plus the current time. Try it: turn off WiFi and 3G/4G and see that it keeps working. Because nothing is sent over the phone network, a fraudster who has hijacked your number has nothing to intercept. Keep the backup codes the site gives you at enrollment somewhere safe and offline, since they are the only way back in if you lose the phone.
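As an added example (not code from the original post), here is how such a code is computed, following RFC 6238, the TOTP standard that Google Authenticator implements: the shared secret is the base32 string encoded in the enrollment QR code, and each code is an HMAC-SHA1 of that secret and the current 30-second counter, truncated to 6 digits. The secret below is the RFC 6238 test-vector key, not a real enrollment; `verify()` and its one-step window are an assumption about what a reasonable server side does, not any particular exchange's implementation.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test-vector key ("12345678901234567890" in base32). Constructed for the
# example; a real enrollment secret comes from the site's QR code.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter = floor(unix_time / step).

    Nothing here touches the network: only the shared secret and the clock are used,
    which is why a SIM swap gives an attacker no way to obtain the code.
    """
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    t = int(time.time()) if at is None else at
    return hotp(key, t // step, digits)


def verify(secret_b32, submitted, at=None, window=1, step=30):
    """Server-side check (assumed design): accept the code for the current step
    and `window` steps on either side to tolerate clock drift, comparing in
    constant time so a timing side channel does not leak digit matches."""
    t = int(time.time()) if at is None else at
    for k in range(-window, window + 1):
        expected = totp(secret_b32, t + k * step, step=step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    # Disconnect the network before running this: the output does not change.
    print("code right now:", totp(DEMO_SECRET_B32))
    # Known RFC 6238 vector: at unix time 59 the 8-digit code is 94287082.
    print("code at t=59  :", totp(DEMO_SECRET_B32, at=59))
```

The `window` parameter is the practitioner's trade-off: a wider window tolerates more clock drift between phone and server but also lengthens how long a code phished out of the user remains valid, so TOTP stops SIM swapping but not a real-time phishing page that relays the code.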


With GA paired to your exchange account, turn off anything that has to do with SMS or email confirmation. Check the account-recovery settings as well: if a password reset can still be triggered by SMS, the SIM-swapper simply walks in through that door instead. If your exchange does not offer these options, change exchanges as soon as possible.

  • If you're holding large amounts of crypto for the long term, buy one of the "hardware wallet" devices, such as Safewise, Trezor or Ledger. Physically they look like USB flash drives, but in fact they are a completely separate computer that runs only the wallet application. With no Windows, no browser and no email, there is almost nothing on them for malware to infect. Learn to use your device properly and keep the bulk of your crypto holdings on it.

  • Some of these hardware wallets can also replace username + password for logging in to exchanges and authorizing withdrawals (typically through the U2F standard). Few exchanges support this yet, but you should seriously consider migrating to one that does, or ask your exchange to implement it.

  • If you use a mobile crypto wallet app on your phone, treat it the way you treat your conventional wallet: never walk around with a lot of money in it. Keep only what you expect to spend soon on everyday things. When it runs out, "top up" from your main wallet or exchange, just as you go to the bank's ATM when your leather wallet is empty.

