Chances are, you know the basics of mobile security, like using a device passcode, looking out for text and email phishing scams, and avoiding public Wi-Fi. Did you know though that just having a cell phone number could lead to identity theft if you don’t take proper precautions?
Unfortunately, scammers have gotten more sophisticated over the years, and have figured out ways to hijack the cell phone numbers of unsuspecting victims. And because your mobile phone number is likely tied to everything from your email and social media accounts to your bank account, having your cell phone number compromised could prove devastating. The good news is that there are some things you can do to help protect yourself from this type of intrusion. Let’s take a closer look.
How it Works
One of the most common ways that crooks can gain control of your cell phone number is through your mobile phone provider. In this scam, commonly called a “port-out scam”, or “SIM-swapping”, the criminal gathers sensitive information about you. They can get their hands on this information in a variety of ways, including hacking into other accounts of yours, scanning the dark web for information compromised during past security breaches, searching the internet for publicly-available information, or even perusing social media for info you’ve inadvertently posted about yourself. With this information in hand, the hacker can then contact your mobile phone provider pretending to be you, and request that your phone number be transferred to a new device that they have in their possession. This is commonly referred to as having the phone number “ported” over. Typically, all that’s needed to complete the phone number transfer process is the last four digits of your social security number, your address, and your existing cell phone account number and/or login credentials.
Once a criminal has control of your phone number, they can go to town hacking into all of your other accounts. Think about how many of your existing accounts are tied to your phone number. Chances are that any of your accounts that currently use multi-factor authentication deliver a text message with a verification code whenever you’re logging in from an unrecognized device. While this extra layer of protection is sufficient under normal circumstances, it won’t do much good if a crook can retrieve your text messages after porting over your phone number to their device. A crook can also typically use the “Forgot Password” feature to have a new password texted to them. And, if they’re able to get into your email account, they’ll likely have no trouble figuring out where all of your other accounts are located.
Identifying a Phone Number Hijack
If you fall victim to a phone number port-out scam, it likely won’t take you long to realize something is wrong. Once your number is transferred, your phone service will be cut off. When that happens, you won’t be able to make phone calls (other than emergency calls), nor will you be able to send or receive text messages. And, with a phone that’s no longer connected to a mobile phone carrier, you’ll only be able to use the internet if you’re connected to Wi-Fi.
If you suspect your phone number has been stolen, you should take action immediately. Notify your mobile phone carrier at once, then go about contacting any other account providers that could have been impacted, including your bank. The earlier you can notify your impacted accounts, the less opportunity a criminal will have to steal your money, make fraudulent purchases, or open new accounts in your name.
You should also be sure to report the crime to your local police department, as well as the Federal Trade Commission. Having a record of the offense could prove vital down the road if you do need to go about retrieving stolen money, closing fraudulent accounts, or repairing your credit.
Avoiding a Port-Out Scam
While it’s not always possible to prevent a phone number hijacking scenario, there are many safeguards you can employ to help reduce the chances of it happening to you. Here are some tips to consider:
• Keep your mobile phone account as secure as possible. Always use strong passwords on your cell phone account, and if your cell phone provider offers multi-factor authentication or a PIN, utilize them! Also, if your mobile phone account uses security questions, consider using false answers that will be harder for a criminal to guess. The more difficult you can make it for a crook to access your cell phone account, the better protected you will be against phone number hijacking.
• Safeguard your mobile phone account number. Since an account number is typically required to transfer a phone number to a new device, make sure you keep your mobile phone account number to yourself. Shred any paper statements that list your full account number, and if possible, pay your cell phone bill online so you don’t have to send a check in the mail. Oftentimes your carrier will require you to write your account number on the check, and you don’t want that information falling into the wrong hands.
• Beware of “phishy” calls, emails, or texts. If you receive communication purporting to be from your mobile phone carrier, don’t give out any sensitive personal or account information. Phishing scams are a frequent way that criminals get their hands on the information necessary to carry out a phone number hijacking scenario. If you have any concerns about your cell phone account, contact your carrier directly through their publicly available phone number, rather than respond to an unsolicited phone call, email, or text message.
It’s frightening to think about the potential fallout from having your cell phone number hijacked, however being aware of the possibility is a critical first step toward protecting yourself. By taking some basic precautions, being vigilant to the signs of a compromise, and knowing how to take fast action if you suspect one, you can help minimize the chances of credit damage and financial loss.
For additional cybersecurity tips, visit the Bank5 Connect blog.