How To Keep Your Phone Number From Being Hijacked: Questions & Answers
Cybercriminals have found a way to break into online accounts using mobile phone numbers. They can take over your mobile phone account, which then allows them to intercept your two-factor authentication verification codes. With these, they can access your bank, credit card and other accounts. Learn how to prevent phone porting by criminals.
How Does This Scam Work?
It’s called the port-out scam. Essentially the scammers are taking advantage of porting that allows you to take your phone number with you when you change wireless carriers.
Carriers must comply with your request to port your phone number. They’ll do so as long as the person making the request can verify their identity.
However, today, there are many ways that hackers can get your identity information online. If they have enough information about you to convince your wireless phone company that they are you, they can have your phone service transferred to their mobile device. They can do this online or by visiting the wireless store.
You won’t notice that your number has been ported right away, so this gives hackers time to access your online accounts. Eventually, you won’t be able to make or receive calls. When this happens, you’ll probably contact your phone company. This is when you’ll learn that your number has been ported illegally.
Lorrie Cranor, FTC Chief Technologist, even had her number hacked. She shares her personal experience with this.
“A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury from identity theft. This post describes my experiences as a victim of ID theft, explains the growing problem of phone account hijacking, and suggests ways consumers and mobile phone carriers can help combat these scams.”
How Can You Prevent Being a Victim?
Call your wireless carrier and ask for PIN authentication for your wireless account. Some carriers like Sprint require you to create a PIN when you open a new account.
Here’s what Fraud.org says to do:
This scam can be financially devastating to its victims, but there are several steps you can take to prevent the scam from happening in the first place:
“Contact your carrier and ask them to add a unique personal identification number (PIN) to your account. This PIN number will need to be provided any time you wish to make a change to your account, including upgrading your cell phone. This extra layer of security will help stem any would-be scammer from running the port-out scam on your phone. The process for adding a PIN depends on your provider. See below for details on how to add an account PIN for each of the four major national wireless providers:
- AT&T – Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop-down menu, click on “manage extra security.”
- T-Mobile – Call 611 or (800) 937-8997 from your cell phone to speak with a customer service agent.
- Sprint – Sprint automatically requires their customers to set up a PIN when an account is opened.
- Verizon – Call customer service at (800) 922-0204.
For those who want to go one step further, Fraud.org has this recommendation: See if your accounts that use two-factor authentication offer an app-based way, such as Authy or Google Authenticator, to receive that one-time verification code.”
The CTIA Wireless Association, a trade association representing the wireless communications industry, also issued a news release earlier this month: Protecting your accounts against number porting.
They advise that:
“If you stop receiving calls or texts, and you don’t know why, contact your wireless provider immediately. Even if you don’t use your mobile device often, you should check regularly for provider and account alerts.”
What Are Wireless Phone Companies Saying?
Wireless phone companies are warning their customers about this scam. They are encouraging customers to add a port validation feature to their accounts by using a PIN.
Brian Rexroad, VP Security Platforms at AT&T, provides more tips to keep your phone number secure:
- Be cautious about sharing your phone number. Be selective in what number you share with the companies you do business with and limit how often you share it with others. This includes on social media or websites.
- Add all “extra security” measures to your AT&T Wireless accounts. If you create a unique passcode on your AT&T account, in most cases, we’ll require you to provide that passcode before any changes can be made, including ports initiated through another carrier. Follow this link for more information.
- Consider freezing your credit to help prevent a new account from being opened in your name. Read more about setting up a credit freeze in this Cyber Aware blog.
- Keep your personal email inbox clean. Delete phone bills, bank statements and other emails that may include personal information. If your email account is compromised, you can minimize the chance hackers can get sensitive information.
- Refresh yourself on our Cyber Aware tips to protect yourself online.
As an added layer of security on your landline, you can add a PIC freeze or Primary InterExchange Carrier Freeze. A PIC freeze prevents unauthorized account changes without customer approval. If a port out request is submitted, the PIC freeze feature tells the new provider no change can be made until the customer removes the freeze. If it’s a legitimate request, the PIC freeze can be quickly and easily removed with the proper authentication.”
Did you find this article helpful? If so, check out others on our Blog.