It’s no secret the mobile phone has become a device we rely on heavily in today’s world. Forget the password to your social media account? Receive a four-digit PIN sent to your phone. The same goes for your banking account, your credit card login, your work network login, etc. Simply enter the digits sent to your mobile phone to recover access and you’re all set. So if it’s so critical and so important, why do we share our phone number so easily, and not take basic steps to secure it?
Compared to email and online banking, there are almost no security measures in effect to secure your phone number from being stolen. “SIM swapping” is one of the easiest ways your mobile phone number can be stolen and your sensitive and private information exposed for cash. SIM swapping involves someone tricking your mobile carrier into porting your phone number to a SIM card under their control. It happens at an alarmingly high rate.
With criminals stealing your mobile phone number (or even getting it through legitimate means) and gaining access to your sensitive information by resetting critical logins such as email, social media and banking credentials, there is no limit to where they can expose your information. Think about it: your entire digital life and existence could easily fall into the hands of cyber criminals. Retirement information, banking information, even your photos no longer remain private. Your information can easily be traded and sold through cryptocurrencies and other criminal activities.
With that being said, let’s take a look at phone number attacks, as we have been seeing a rapidly increasing number of these recently. The digital world considers phone numbers to be a staple in not only proving but securing your identity, and they hold priority even over your Social Security number. Keep in mind that cell phone carriers such as Verizon, AT&T, and T-Mobile are simply carriers; they are sales experts, not security experts.
Remember the social media Timehop breach on July Fourth of just last year, in which 21 million user records were stolen and, out of that, 4.9 million were customer phone numbers? After the breach, Timehop contacted Verizon, Sprint, AT&T and T-Mobile, offering the list of compromised phone numbers so they could take security action such as monitoring for fraud, but only 2 of the providers even accepted the help. How often do we see phone numbers exposed in data breaches and think nothing of it? We need to understand the value and importance of protecting this data the way you would your ATM card PIN or your Social Security number.
But external threats aren’t the only thing we should be considering when it comes to phone numbers being compromised. The carrier side also holds scary, daunting security risks. Take the low-wage sales employee: what’s stopping them from changing sensitive account holder information and controlling the identities of numerous accounts for personal benefit?
While phone number attacks are more difficult to come by than phishing attacks, the pressure to hold carriers to higher security standards remains stagnant. In the end, it is the customer who needs to take action to secure their sensitive information. That includes setting account passwords, placing Do-Not-Port orders on accounts, and more.
On the other hand, carriers can combat hacking and theft with tools they have access to, such as two-factor authentication. Carriers also have the opportunity to clamp down on their internal team members and require stricter access when it comes to making changes to customer accounts.
Think about it: this digital age we live in is exciting yet scary regarding security, to say the least. As more ways emerge to recover data from our accounts, our sensitive data is at huge risk. Take control of your personal information and be sure you have the measures and means in place to combat potential security breaches.
So now that you’re (hopefully) aware and maybe a little scared, what can you do? I have 3 pieces of advice for you on actions you can take right now.
- Call your mobile carrier and set your account to PIN locked. That means nobody will be able to make a change to your account without having the proper PIN for access. This is the basic precaution you need to put in place to prevent SIM swapping.
- If at all possible, change the two-factor authentication method for any of your accounts away from phone messaging (SMS) to something more secure. Google Authenticator, for example, is free for users, and many sites are starting to support it. If your bank or other critical service does not, call them and insist they offer a more secure option.
- Get a “virtual” phone number for everyday use and share that with people who need your number, but don’t use it for 2FA in cases where you need to keep using a phone. Services like Google Voice have apps that run on your phone and work just like a phone number, but shield your actual phone number (and underlying account information) from nefarious actors.