Published: 5/20/2016 5:46:18 AM
China's telecom operators have a gaping hole: SIM replacement and verification-code interception, 150,000 yuan stolen in moments


A mobile phone SIM card is successfully replaced by someone else using fake identification, the associated verification codes are intercepted ("SIM replacement and code interception"), and the money in the bank card or third-party payment platform vanishes. Several mobile users, including flight attendant Zhang Xinyu, are demanding an explanation from the telecom operators for exactly this reason. An investigation by a National Business Daily reporter found that the technique behind the scam is not complicated and first appeared as early as 2011. As rules such as real-name registration have changed, this old scam keeps finding new "ways to play", probing the security holes in the operators' SIM replacement process again and again.

From China Mobile's self-service card replacement being exploited for fraud and finally halted, to China Telecom starting to strictly control the risk of temporary ID cards: when will the operators get ahead of the fraudsters?

Recently the reporter sent interview requests on these questions to China Mobile and China Unicom and had received no reply as of press time. The reporter called the office of China Telecom's spokesperson, which said that a temporary ID card is a valid document but that China Telecom cannot tell genuine from fake; if the matter enters judicial proceedings, it will respect the law. Under the current rules, a temporary ID card can still be used to handle business.

150,000 yuan vanishes

On May 17, the three major telecom operators used "World Telecom Day" to open another battle for users. But behind the ever-changing marketing tactics and the surge in mobile phone users, the mobile SIM card, the first line of defence for users' financial security, is extremely fragile.

Earlier this month, the news that "a flight attendant's phone number was re-issued on a replacement card and 150,000 yuan vanished" drew great concern. The reporter's investigation found that flight attendant Zhang Xinyu's experience is not an isolated case. The "SIM replacement and code interception" scam was first staged as early as 5 years ago, yet almost the same methods have still occurred from time to time in the last six months. Regrettably, none of the three major telecom operators has been spared.

For Zhang Xinyu, a Beijing Telecom user and Capital Airlines flight attendant, one week made her keenly aware of how important telecom service is to her life.

At 4:30 p.m. on May 4, Zhang Xinyu, on holiday in her hometown in Liaoning, suddenly received a string of harassing calls from different numbers. She ignored them at the time, and the calls kept coming until her phone ran out of battery. When she powered it on again, she found that the phone card could no longer make or receive calls. She did not think much of it, assuming there was a problem with the phone card.

Unexpectedly, the next afternoon Zhang Xinyu found that the 150,000 yuan in her card had vanished.

She hurried to contact the bank. Customer service said the money in the card had been transferred away, and that this had happened exactly while the harassing calls were draining her phone's battery. She then called China Telecom customer service and found that her number had become a dead number. "The phone card is right here in my own hands, so how could it inexplicably become a dead number?"

Zhang Xinyu later learned that on the day of the incident someone had used her ID card to get a replacement phone card. The criminals then used the replacement phone card and mobile banking to transfer the money out of her card.

Zhang Xinyu described her experience in detail on Weibo and kept posting updates on how the case developed and on her efforts to defend her rights. Facing netizens' accusations of "hype", she posted her work photos, the police case-filing receipt, account statements, screenshots of call records and other evidence.

On May 9 the reporter sought confirmation from the office of China Telecom's spokesperson, which said that someone holding their own second-generation ID card and Zhang Xinyu's temporary ID card had gone to a China Telecom business hall to request the SIM replacement. The temporary ID card is a valid document and the information matched, so China Telecom handled the replacement in accordance with its business procedures. The office also stressed that the business hall compared the temporary ID card with the document used when the service was first opened, and the information was the same.

After the funds were transferred out of her account, Zhang Xinyu approached China Everbright Bank and China Telecom separately. She had hoped to resolve the matter peacefully with the bank and the operator, but changed her mind after talks with China Telecom went nowhere, and accused China Telecom on Weibo of "doing nothing but shirking responsibility".

On May 19, China Telecom responded that it had advised the victim, Zhang Xinyu, to resolve the matter through legal channels, but had not yet received any relevant legal documents.

A new "way to play" an old scam

In the fraud against flight attendant Zhang Xinyu, the criminals first obtained her phone number and ID card information. Holding Zhang Xinyu's temporary ID card, they went to an operator outlet to get a replacement SIM card, then used methods such as "call you to death" call flooding to make the owner's phone shut down, reset the online banking transaction password, and used the intercepted dynamic verification codes to transfer the money out of the bank card. The whole process was carried out in one go.

This form of fraud is called "SIM replacement and code interception". The key to the trick is using forged or illegally obtained identity documents to get a replacement mobile SIM card, then intercepting verification codes to move the victim's money out through online banking, third-party payment platforms and similar means.
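The sequence described above (SIM replaced, password reset, SMS-authorised transfers) can be checked for on the bank side. The following is an added example, not part of the original article: it assumes the bank receives a SIM-replacement signal for the phone number bound to an account, and the event names, field names, 48-hour window and sample events are all constructed for illustration.

```python
from datetime import datetime, timedelta

HOLD_WINDOW = timedelta(hours=48)  # assumed cooling-off period, not from the article

def _t(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def transfers_to_hold(events, window=HOLD_WINDOW):
    """Return (time, account, amount, reason) for SMS-authorised transfers
    made within `window` of a SIM replacement on the account's phone number."""
    last_swap = {}            # account -> time of most recent SIM replacement
    reset_after_swap = set()  # accounts whose password was reset after that swap
    held = []
    for ev in sorted(events, key=lambda e: _t(e["time"])):
        when, acct = _t(ev["time"]), ev["account"]
        swap = last_swap.get(acct)
        recent = swap is not None and when - swap <= window
        if ev["type"] == "sim_replaced":
            last_swap[acct] = when
            reset_after_swap.discard(acct)
        elif ev["type"] == "password_reset" and recent:
            reset_after_swap.add(acct)
        elif ev["type"] == "transfer" and ev.get("auth") == "sms_otp" and recent:
            reason = ("sim_swap+password_reset" if acct in reset_after_swap
                      else "sim_swap")
            held.append((ev["time"], acct, ev["amount"], reason))
    return held

# Constructed sample events (hypothetical accounts A, B, C).
SAMPLE_EVENTS = [
    {"time": "2020-01-01 16:30", "account": "A", "type": "sim_replaced"},
    {"time": "2020-01-01 16:50", "account": "A", "type": "password_reset"},
    {"time": "2020-01-01 17:05", "account": "A", "type": "transfer",
     "auth": "sms_otp", "amount": 50000},
    {"time": "2020-01-01 17:20", "account": "A", "type": "transfer",
     "auth": "sms_otp", "amount": 100000},
    # No SIM change on record: ordinary transfer, not held.
    {"time": "2020-01-01 09:00", "account": "B", "type": "transfer",
     "auth": "sms_otp", "amount": 800},
    # SIM replaced five days before the transfer: outside the 48-hour window.
    {"time": "2020-01-01 10:00", "account": "C", "type": "sim_replaced"},
    {"time": "2020-01-06 10:00", "account": "C", "type": "transfer",
     "auth": "sms_otp", "amount": 3000},
]

if __name__ == "__main__":
    for row in transfers_to_hold(SAMPLE_EVENTS):
        print(row)
```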

"SIM replacement and code interception" is not a newly emerging fraud technique. Information verified by the reporter shows that related cases appeared as early as 2011.

The reporter's investigation found that China Mobile user Wang Nan was also caught in a SIM replacement and code interception scam. According to his account, on the night of April 6, 2016, someone used a phishing text message to trick him out of his USIM card service password and successfully replaced the card through the "4G self-service card replacement" service. Wang Nan had tried to suspend his service, but the other party used the "ring-back tone service" to set a ring-back tone announcing "this subscriber's service has been suspended", leading Wang Nan to believe his phone was in a protected "suspended" state, while they began transferring the money in his card out in batches.

This variant of the fraud uses the subscribe and unsubscribe functions of mobile services to trick the victim out of an SMS verification code, then uses the operator's "self-service card replacement" to duplicate the victim's SIM card and finally carry out the fraud.

According to the Legal Evening News on April 28, 2016, Wen Ku, director of the Information and Communication Development Department of the Ministry of Industry and Information Technology, said at a State Council Information Office press conference that day that Beijing Mobile had suspended its website self-service card replacement.

Similar cases have also occurred in Hainan. According to the reporter's investigation, the phone number of China Mobile customer Li Peichao was re-issued on a replacement card on the evening of October 20, 2015, ultimately causing an economic loss of about 170,000 yuan. From video obtained by the police, he learned that the suspect did not even show an ID card, and got the replacement card without difficulty merely by chatting up a staff member at a mobile phone store.

From 2011 to 2016, from using fake ID cards and temporary ID cards to exploiting holes in the operators' services, the ways of "replacing the card" have kept changing. But the method of replacing a phone card to obtain verification codes, ultimately causing the victim economic loss, remains the same old one. Whether the SIM card can be successfully replaced determines whether the rest of the scam can proceed.

Holes in the SIM replacement process at all three operators

Flight attendant Zhang Xinyu wrote on Weibo: "China Telecom admits that on the day of the incident someone used my fake ID card and temporary ID card to replace my card. China Everbright Bank may have leaked information, but China Telecom bears the greatest responsibility. Not the account holder, a fake ID card, and they still replace the card?" China Telecom customer service "told me with complete assurance that only the account holder holding their ID card at the counter can handle (a replacement)".

The reporter found that all three operators have cases involving SIM replacement and code interception fraud.

Zhu Cheng, a China Unicom user in Shanghai, also had his bank deposits stolen on January 6, 2016 after someone used a fake ID card to replace his SIM card. Zhu Cheng told the reporter that, by obtaining surveillance video from the business hall where the crime took place, he found that the same suspect, on the same afternoon and in the same town, used the same method at a China Mobile business hall to replace Ms. Ye's SIM card, and through online bank transfers ultimately caused Ms. Ye an economic loss of 156,000 yuan.

Ms. Ye's husband told the reporter that the suspect replaced the photo on the ID card with their own and left the rest of the information unchanged. Even the sex remained "female", which did not match the sex of the person actually replacing the card. The fake ID card is not magnetic; China Mobile replied that the business hall had no equipment to verify it and could only check the ID card number and phone number.

Ms. Zheng, a China Telecom user in Yunnan, also described to the reporter how she was defrauded. On April 22, 2016, someone used a fake ID card with a swapped photo to successfully replace her SIM card at a 3G franchise store in the China Telecom building of a county in Kunming, after which nearly 200,000 yuan was stolen from her bank card.

Why do all three operators have such holes? To verify the SIM replacement process, the reporter, posing as a user, called the three operators' customer service hotlines on the morning of May 11 and called each operator's business halls in Beijing on the afternoon of May 12.

On using a temporary ID card for SIM replacement: China Mobile customer service replied that since real-name registration the account holder must present the original ID card to replace a card, but China Mobile's Fuchengmen North Street business hall said it accepts the account holder's temporary ID card. China Unicom customer service said temporary ID cards are not allowed, while Beijing Unicom's Chegongzhuang business hall said that because temporary ID cards cannot be verified, it depends on the situation. China Telecom customer service paused its reply twice while answering, finally said the original ID card is required, and admitted that things were "rather strict recently"; China Telecom's Guanyuan business hall also said a second-generation ID card is required.

These inquiries make it easy to see that, on matters such as whether a temporary ID card can be used and what proof of identity an agent acting for the account holder needs, the process standards of the operators and their business halls are not fully consistent.

An insider who had been responsible for business process training at a mainstream operator told the National Business Daily reporter that the operator where the insider worked originally verified identity through an SMS check code, and that business halls only began to be equipped with ID card readers at the end of 2015. Before that, any valid document could be used to replace a SIM card, and it was very hard to tell genuine from fake.

In addition, the insider revealed that until May of this year temporary ID cards could be used as a special case, and checks basically relied on manual identification, so the security risk had always been there.








