In light of yet another data breach this week (of CapitalOne in case you missed it), it seems a good time to review cyber safety. A client recently brought to my attention a type of identity theft that I had not heard of before. It involves a thief stealing your cell phone number and porting it over to a new phone. They then use the dual authentication via text code to hack into your financial accounts to steal money. Given how pervasive dual authentication is for everything these days, I decided to learn a bit more about this particular type of scam.

What I realized is that this type of scam has been around for a while, but has been growing in popularity. I found articles from as far back as 2013 that referenced it. Sometimes the fraud is focused primarily on the mobile carrier account, adding lines, buying new phones, etc. However, more serious crime is occurring where the thief then uses the cell phone number along with other stolen information to gain access to bank accounts that use two-factor authentication through text messages. Thieves sometimes buy or gain access to personal information from black market websites. They also obtain it by calling the victim and pretending to represent the phone carrier to ask for certain verification information, such as the last four digits of their social security number. Once they obtain the necessary information they call the carrier, provide the information, and have the phone number ported to a new phone. At which point the victim loses phone service.

There are a variety of measures that can be taken to protect yourself from this and other scams. Here are some I found particularly helpful:

  • Add an extra layer of security to your cell phone account. I use AT&T and was able to add an extra PIN that must be provided for all interactions with the company via the “manage extra security” link in my profile on the website.
  • Be very selective of who you give your cell phone number to. One article compared a cell phone number to a social security number, but without the regulations. Given how much information is tied to and secured by cell phone numbers, it’s important to be very careful who you provide it to. Whenever possible, either refuse to provide it or provide a home phone number instead.
  • If you get a suspicious call from someone claiming to represent your cell phone carrier, hang up and call the company back from a customer service number provided on your statement.

Given the many ways thieves find to steal personal information and commit identity theft and financial crimes, it is critical to be careful about what information you provide and to whom. It’s also a good idea to protect yourself with good password hygiene and by freezing your credit with the credit agencies. Sadly, we live in an era where the criminals always seem to be one step ahead of our efforts to protect ourselves.