Protecting yourself against cybercrooks is a full-time job. It seems like identity thieves and fraudsters never run out of schemes and ideas to rip you off and steal your hard-earned funds.
One of the scariest threats out there is when a would-be criminal tries to intercept the two-factor authentication codes that are sent via SMS text messages to your phone.
As you probably know by now, two-factor authentication is a fancy name for adding an extra verification step to the login process of your most critical accounts. With this setting enabled, instead of just providing your username and password to log in to an account, a secondary form of verification is required to prove your identity.
The most popular form of two-factor authentication right now is a special one-time code that's texted to your cellphone. The idea is that even though hackers may have figured out your password, it's unlikely that they have physical access to your smartphone too.
But what if the criminals manage to steal your phone number? Well, that's a double whammy of sorts. Coupled with your other credentials, this means they'll have access to all your two-factor verification codes as well.
Sound far-fetched? Well, it's happening more often than you think. Read on and learn all the precautions you can take to protect your bank accounts from this growing menace.
What is a port-out scam?
We've been warning you against this scam that's quickly becoming another integral part of the cybercriminal's toolkit.
It's called the port-out scam and it's a clever scheme for identity thieves to not only get into your online accounts but to drain your bank accounts, too.
Here's how it works. Through social engineering and phishing scams, a fraudster first finds out critical information about you such as your name, phone number, Social Security number, date of birth and more.
They can also use keylogging or spying malware or buy personal information databases from the Dark Web.
Once the criminal has this information they call your mobile phone service provider pretending to be you, and tell them that you're switching to another company but want to keep your phone number. Transferring your number from, say, Verizon to AT&T is a process called porting.
The porting process may take up to 24 hours to complete. The problem is this: during the transition, both phones could be functional. During this window of opportunity, a scammer can have access to all of your text-based authentication codes too.
Meaning, any text messages that you receive on your phone will also be seen by the scammer on the phone to which your number is being transferred.
Tip within a tip: Closely related to the port-out scam is the SIM swap scam.
This opens the door for all kinds of problems. If you have two-factor authentication set up on your bank accounts, or any online sites for that matter, the scammer will be able to get the code needed to log into your account.
From there, you could become a victim of identity theft and even have money stolen from your bank accounts.
Note: Please don't let this turn you against two-factor authentication. It's an important security layer that you should be using whenever possible.
The problem isn't two-factor, it's the criminals trying to rip you off. There are ways to avoid falling victim to these types of scams; keep reading for suggestions.
How to protect yourself against port-out scams
1. Add a unique PIN to your phone account - All carriers have additional options to secure your account against port-outs and SIM card swaps.
These options include setting up a PIN or additional security questions. Contact your mobile provider directly and speak to them specifically about adding porting and/or port-out security on your account.
And make sure that your PIN is random, unique and not personally tied to your other information. For example, don't use your house number or your birthday as part of your PIN.
2. Watch out for phishing attempts - Scammers will typically send out phishing emails disguised as important alerts and warning messages to scare you into clicking a malicious link. If you have any concerns about your accounts, it's safer to just log in directly to a company's website or call its customer service line and proceed from there.
3. Beware of social engineering scams - Don't reveal any personal information to strangers, especially on online chats, no matter how casual and friendly the conversation may be. Also, crooks are starting to pose as people that you may know with fake Facebook accounts so please be vigilant (even with your friends).
4. Use every security option available - For extra security, don't just rely on your credentials and two-factor authentication codes to secure your accounts. When available, you can also use app-based authentication codes from services like Google Authenticator rather than relying solely on text-based codes. Due to the rising cases of port-out scams, even email codes can be safer than text-based authentications.
5. Contact your carrier immediately if your phone suddenly gets deactivated - If you're in a known area and you suddenly lose your network connection, contact your carrier immediately. Use another phone, if needed. Criminals are counting on this window of opportunity to perform their nasty deeds so you have to act quickly.
6. Store your credentials in a password manager - As we mentioned earlier, unique and random PINs and passwords are essential for your online security. But how could you possibly keep track of all of these PINs, passcodes, and passwords securely and reliably? To help you sort out your password woes and effectively solve them, a password manager is a must.
We recommend our sponsor LastPass for all your password management needs. With LastPass, you can easily create, manage and save complex and unique passwords for multiple sites and services then access them across multiple browsers and devices.