by pmontra
1357 days ago
I'm sure that there are plenty of nasty scenarios. This is one.

1. The attackers create my.name@somedomain.com / my.name.12345@gmail.com and/or use a throwaway phone number (especially if the email provider uses some 2FA linked to a phone.)
2. They register an account on a web service using that email or install an app on that phone, maybe a virtualized one. Upload a picture of me as icon or fake one.
3. Use my fingerprints on their phone to get through any possible biometric 2FA.
4. They are me.

If they find a way to automate all those steps or make the labor costs small they can register a lot of bots that are real people, because 2FA says so. It's up to their imagination to find a way to profit from that.