The battle against cybercriminals is always evolving. That’s because when we catch on to their scams, they change them up to find more victims.
This is why we’re always having to come up with more secure ways of protecting our critical information. Can you imagine the damage that could be done if a hacker is able to get access to sensitive data on your smartphone?
As usual, even with advanced security systems like two-factor authentication codes, criminals have a way to take over your phone number and intercept your calls and messages. With all the two-factor authentication text messages they can request, they can take over your bank accounts, too!
To protect your cellphone carrier account from being compromised, there’s actually another layer of security you need to employ. Read on and see how a simple PIN code on your cellphone account can be a lifesaver!
But first, let’s explore how criminals are able to take over personal phone numbers.
The SIM card swap
You are probably familiar with the SIM card – that little chip that’s inserted in your cellphone to identify you within the cell network and assign you your phone number.
If your phone is lost or stolen, your cellphone provider will issue you a new SIM card to activate and use on your new phone. However, some devious criminals out there have found a way to rip you off using your own SIM card against you. Yikes!
Here’s how a SIM card swap scam works. With stolen personal information, the fraudster will contact your cellphone carrier and claim that your phone has been lost, damaged or stolen and you need to activate a new phone with a fresh SIM card.
If they successfully pass the carrier’s identity checks by answering your security questions, your old SIM card is deactivated and the SIM card in the criminal’s hands is activated. All your calls and texts are now received on the criminal’s phone.
Once your SIM card is deactivated, your phone, of course, will stop working, usually with a “No Service” warning. This is the first warning flag you’ll have to watch out for.
The criminals then attempt to claim your online banking account, again using the personal information gathered, but this time, they will also use your phone number for two-factor authentication codes. With this crucial window of opportunity, they will start changing your profile settings then add and set up their own withdrawal accounts.
With these additional accounts set up, the criminals start draining the victim’s bank account.
The cellphone number porting scam
Another similar scam is known as a porting or port-out scam.
It works like this. A fraudster finds out critical information about you such as your name, phone number, Social Security number, date of birth and more.
Much of this information is obtainable on the Dark Web thanks to all the data breaches that have happened in the past like the massive Equifax hack of 2017.
Once the criminal has this information they will call your mobile phone service provider pretending to be you, and tell them that you’re switching to another company but want to keep your phone number. Transferring your number from, say, Verizon to AT&T is a process called “porting.”
The porting process may take up to 24 hours to complete. During this time both phones will be functional. Meaning, any text messages that you receive on your phone will also be seen by the scammer on the phone your number is being transferred to.
This opens the door for all kinds of problems. If you have two-factor authentication set up on your bank accounts, or any online sites for that matter, the scammer will be able to get the code needed to log into your account. From there, you could become a victim of identity theft and even have money stolen from your bank accounts.
Protect yourself against these types of scams
Are there ways to stop these phone scams? Yes, there are some precautionary steps you can take.
First, whenever possible, you may want to stop using your personal number for your two-factor authentication codes. Here are better ways to receive your codes.
Another great way to avoid falling victim to a SIM card swap or phone porting scams is to add a PIN code to your smartphone carrier account. This will add a third layer of protection that the scammer won’t have access to.
Here’s how to set one up for each of the major U.S. carriers:
There are a few ways to set up your PIN code with Verizon. The easiest is to visit VZW.com/PIN and set up your PIN. You can also set one up by visiting a Verizon store or calling the company at 1-800-922-0204.
Having a PIN for your account is actually required by Sprint. To check on yours or update it, log in to your Sprint account and select My Sprint >> Profile >> Security Information. Once you’ve selected or updated your PIN click Save.
Log in to your AT&T account. Then select View Profile >> Sign-in Info >> Wireless Passcode >> Manage Extra Security. This is where you will create your PIN. Click here for AT&T’s instructions.
T-Mobile makes it really easy to create a PIN. Simply dial 611 or 1-800-937-8997 on your phone. You can even create a longer PIN than the other carriers, up to six digits where the others are four digits. You can also visit any T-Mobile store for PIN code setup assistance.
To change your MetroPCS PIN code and security question answer, sign in to your MetroPCS account or by calling MetroPCS Customer Care at 1-888-863-8768. MetroPCS also has a dedicated number for reporting suspected port-out scams at 1-888-8Metro8.
Is your phone safe? Hackers can easily hijack it and steal your information
In this episode of Komando on Demand, Kim explores the serious threat of hijacking smartphones and how cybercriminals can ruin your life.
Founder and CEO of InForceCyber.com Asen Kehayov, who is a Certified Ethical Hacker from Bulgaria, advises on what people can do to safeguard their data.