Criminals are always looking for new ways to scam people. Recently they’ve figured out ways to hijack people’s cell phones, thereby charging brand new smartphones to their account and even gaining access to financial accounts that make use of two-factor authentication that use the victim’s phone number.
- What is phone hijacking and how does it happen: Phone hijacking happens when a thief goes into a cell phone store or calls the cell phone carrier and pretends to be you. The account hijackings can occur without victims even providing info to fraudsters. Some reverse-lookup websites will identify the carrier associated with U.S. phone numbers for free or for a small fee. Black market websites will sell thieves dossiers containing all sorts of information, including Social Security numbers. Using your phone number and other info, criminals can then take control of your wireless account. Sometimes they buy new equipment, like expensive smartphones, and bill them to your account. That’s what happened to FTC Chief Technologist Lorrie Cranor last summer, which she details in this post. Using a fake ID, a thief was able to charge two brand new iPhones to Cranor’s account. She didn’t realize something was amiss until her and her husband’s smartphone went dead around the same time. In some cases, that’s what the thief wants — brand new phones they can turn around and sell. Other times the motives are much more nefarious. Some thieves will then use the victim’s hijacked phone number to gain access to financial accounts that make use of two-factor authentication through text message. You might have heard this called a SIM swap scam or phone porting. The thieves might have access to the victim’s bank account, which they could have gained a number of ways — by buying it on the black market or nabbing it in a phishing attack. Then they call the cell phone carrier, impersonate the victim and give the customer service agent a dramatic sob story about their phone being stolen. The agent then cancels the SIM card and activates a new one. The thieves can then reset passwords on accounts where the phone number is used as a security back up — resulting in drained bank accounts and the like.
- This type of identity theft has been rising: According to the FTC, in January 2013, 1,038 incidents had been reported. Three years later, in January 2016, that number had more than doubled, coming in at 2,658. It’s likely that many cases are not reported at all.
- The latest victims use virtual currency: Virtual currency investors have been targeted of late, as this New York Times story details. One man’s phone was taken over and minutes later, the attackers “changed the password on his virtual currency wallet and drained the contents — some $150,000 at today’s values,” according to the story. Another Bitcoin entrepreneur interviewed for the New York Times story lost a million dollars in the virtual currency, never to be seen again, since virtual currency transactions are irreversible.
- Preventative Tips:
- If your phone provider has yet to request it from you, ask to set up a PIN.
- If after restarting your phone it suddenly says no signal or Emergency Calls Only, use another phone to call your provider and check the status immediately.
- Phishing scams can lead to phone hijacking so don’t click on suspicious links.
- Be careful who you share your phone number with and certainly don’t include it on social media profiles or posts.
- Don’t talk about Bitcoin or other cryptocurrencies on social media or to the news media as it makes you a target.
- Don’t use the same passwords on multiple websites.
Millions of Americans have their identity stolen every year, and they don’t know how to repair the damage. If you’re a LibertyID subscriber and your identity is stolen, we will fix it. Our certified restoration specialists could save you hundreds of hours of work by placing fraud alerts, making all the necessary phone calls, filing the disputes and contacting government agencies, creditors, insurance companies and more. There’s no limit to the time or money we will spend to restore your identity to pre-event status.
Are you covered for identity theft?