Your Phone Number is Too Easy to Steal

August 28, 2017

(August 28, 2017) -- The U.S. Federal Trade Commission reports that the number of phone number “hijacking” incidents has been on the climb, with over 2,500 attacks in 2016. Hackers call national phone carriers like Verizon and AT&T and ask them to transfer control of a phone number. Usually, this includes a frantic story to customer service agents that requires the number to be moved to a new device. Sometimes, it takes multiple calls to different agents before one agrees. Once the number is transferred, the hacker will change the passwords of accounts linked to the phone number in order to steal virtual currency or hold important emails and other files for ransom.


Those who have virtual currency like Bitcoin are especially vulnerable. Since e-currency transactions are designed to be irreversible, victims of virtual money theft are left with no chance of regaining their dollars. One Bitcoin entrepreneur, Joby Weeks, had around $1 million drained from his accounts last year. He says that everyone he knows with Bitcoin has gotten their phone number stolen.


Information security officers are urging phone carriers to put extra security measures in place. Adding more complex PINs to accounts has been suggested, but, does not always thwart attacks. The Bitcoin wallet Coinbase is advising customers to disconnect their mobile phones from their account.


Fortunately, funds in traditional accounts with banks and other institutions are not the target of these attacks. This is because any illegal transfer of money is usually caught and reversed within a few days.


What You Can Do: 

1. Use common sense: If you’re asked for your phone number, ask why. In general, don’t give it out to people you don’t know see if you can leave it blank on online forms—even if that means it may take a few seconds more to identify you the next time you make a purchase. 

2. Get a virtual phone number: This is similar to a virtual credit card number, where you have what’s essentially a fake number as your public number. Here’s where you can get one from Google Voice.

3. Enable two-factor or multi-factor authentication on all your devices: This is what happens every time you go to an ATM: to make a withdrawal you need both your debit card and a PIN number. That’s two-factor authentication, which amps up the level of security on your devices.

4. Sign up for the “do not call” lists, which are helpful for run-of-the-mill solicitations.

5. Choose which private data you are willing to share: When asked for your cell number, especially at a retailer, you may be able provide an email address, zip code or just your name as a way to identify you. It’s worth asking about.


Has This Happened to You?

Please report any unrequested transfer of your phone number to the BBB Scam Tracker so that we can monitor and investigate malicious patterns across the internet!