The Numbers Do Lie: How Thieves Can Steal Your Cell Phone Number And Wreak Havoc On Your Life

If you have an online account, you are familiar with the username/password method of user authentication. If you have been paying attention to recent news stories, however, you also recognize that this method of authentication has some security drawbacks. A quick visit to the website www.haveibeenpwned.com can help identify if your email address has been involved in a security breach, such as the breach that occurred at LinkedIn in 2012. In that breach, user email address and site passwords (stored as SHA1 hashes without salt) were stolen, and many were cracked to reveal the true text of the user's password. This meant that users who re-use passwords across platforms were susceptible to having other accounts accessed by the password thieves (or those to whom the thieves sold that information).

As both a remedial and preventative measure, users can employ the use of a password manager or, preferably, can enable a form of multi-factor authentication ("MFA," sometimes referred to as "2-factor authentication" or "2-step verification") to prevent stolen credentials from being used to access other accounts. One form of MFA used commonly is to have the service provider send a message with a one-time code to a trusted device, such as a cellular telephone, during a log-on attempt. Users of Apple's iCloud, Google's Gmail, or Microsoft's Xbox who have enabled MFA may already be familiar with this process. And it can be used on a variety of platforms, from social media to online banking. But what if someone stole not your cell phone, but your cell phone number and therefore received your calls, text messages, and MFA verification codes? In an emerging fraud trend, criminals are doing just that. Fortunately, there is a way to protect yourself.

This week, T-Mobile began notifying its users of a "port-out scam" affecting all of the cellular telephone industry. In a port-out scam, fraudsters impersonate legitimate users to transfer service for a cellular telephone number to a device in the fraudster's possession. That person would then begin to receive messages meant for the victim, which could...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT