Jafo made the remark on a post of mine recently that he does no banking on his phone. There's an excellent reason not to. I'd heard it wasn't wise because of the vulnerability of phones, and public networks (man in the middle attacks), though not because of SIM swap fraud!
So, I have to admit, this one's a new one for me. SIM swap fraud. Turns out they’re easy pickings for hackers. So, what’s SIM swap fraud?
"SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data. They do this by using data that's often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employ into switching the SIM card linked to your phone number, and replace it with a SIM card in their possession."
Once that's accomplished you're the victim of identity theft. Think about what's in your email, bank info, etc. So, they're in your phone and first thing, they change your emails' passwords, your social media passwords, if you have cryptocurrency passwords, they're now in the hacker's possession, as well as any codes sent to your phone as two factor identification, etc. Getting the picture?
"You can decrease your chances of someone gaining access to and taking over your phone number by adding a PIN code or password to your wireless account. T-Mobile, Verizon, Sprint and AT&T all offer the ability to add a PIN code.
Some companies, like Sprint, require you to set up a PIN code when you sign up for service. However, if you're unsure if you have a PIN code or need to set one up, here's what you need to do for each of the four major US carriers.
- Sprint customers: Log in to your account on Sprint.com then go to My Sprint > Profile and security > Security information and update the PIN or security questions then click Save.
- AT&T subscribers: Go to your account profile, sign in, and then click Sign-in info. Select your wireless account if you have multiple AT&T accounts, then go to Manage extra security under the Wireless passcode section. Make your changes, then enter your password when prompted to save.
- T-Mobile users: Set up a PIN or passcode the first time you sign in to your My T-Mobile account. Pick Text messages or Security question and follow the prompts.
- Verizon Wireless customers: Call *611 and ask for a Port Freeze on your account, and visit this webpage to learn more about enabling Enhanced Authentication on your account."
If you have service through a different carrier, call their customer service number to ask how you can protect your account.
Most likely, you'll be asked to create a PIN or passcode.
When creating a PIN or passcode, keep in mind that if someone has enough information to fake that they're actually you, using a birthday, anniversary, or address as the PIN code isn't going to cut it. Instead, create a unique passcode for your carrier and then store it in your password manager."
Short of having empty accounts, how can you tell if you're a victim? A very quiet phone and the inability to make calls. That includes customer service at your carrier, but store the number in your phone to call from someone else's phone:
"Here are the customer service numbers for each major carrier. Put your carrier's number in your phone as a contact:
- Sprint: 1-888-211-4727
- AT&T: 1-800-331-0500
- T-Mobile: 1-800-937-8997
- Verizon: 1-800-922-0204"
Remember to get a good password manager (we'll talk about them in a subsequent post)...and, good luck!