Phone hijacking: When criminals take over your phone and everything in it
Authored by a Symantec employee
Hackers have figured out a way to hijack cell phones and steal the valuable information contained in them. Culprits are going after emails, photographs and payment apps to commit larger crimes like blackmail, fraud and theft. All this is accomplished with just a phone number and a whole lot of social engineering.
How it works
The criminal contacts the cell phone service provider of the victim and requests a transfer of service from an old phone to a new one. They then provide the cell phone company with the last four digits of the victim’s Social Security number and a fake ID. If they don’t have this information, they may come up with a convincing story about losing or damaging a phone, and then they make it seem plausible by providing the address, birth date and other information about the victim that is easily available on the Internet. When convinced, the company may port the number to a new device that the criminal now has complete control over and disconnects the victim’s phone.
With full access to the victim’s “new” phone — and the information on it — the criminal can now reset the passwords on every account that uses the phone number for auto recovery.
The victim’s phone may also be used to hack into other aspects of his or her life. With access to payment apps, emails, photographs, financial sites and other sensitive data, the criminal can use it to steal money or blackmail and threaten the victim. Even sites that use two-factor authentication may now be accessed. When credit card companies and banks see a red flag in spending habits they may call the customer’s number. However, the call may go to the criminal. In the case of an email, the criminal may have changed the email password, leaving the victim unable to sign in to his or her account.
Who could be a victim?
This crime tends to be more widespread among virtual currency users. Cryptocurrency is easy to launder, and most transactions are irreversible. This does not mean those who don’t use virtual currency are not vulnerable. If you have a phone and a gullible customer service operator who may port your number without requesting proper identification, then you may be at risk.
Tips on how to help prevent phone hijacking
- Mobile phone carriers are aware of this crime and are taking steps to ensure that their customers are taken care of. Most mobile phone carriers now request customers to create a PIN. Whenever a customer contacts the service provider, the PIN is requested. If you think you do not have a PIN, call your cell phone provider and make sure you didn’t opt to disable it when you signed up.
- If your phone receives “no signal” or says, “Emergency calls only,” even after restarting the phone, then use another phone to call your provider and have them check the status immediately.
- Phone hijacking can also happen via phishing attacks. Do not click on suspicious links. Malware embedded in links can secretly download on your device. When in doubt, open a browser and type in the address you wish to visit.
- Do not publish your phone number on your public profile on social media.
- Be discreet about mentioning cryptocurrency on social media. Cryptocurrency is the one of the most sought-after forms of currency in this type of crime*.
- Review your credit card bills, bank statements and phone bills. If something doesn’t add up, report it immediately.
- Do not use the same usernames and passwords across several websites. Make your passwords long, complicated and difficult to guess.
Criminals are constantly finding newer ways to scam people. They use a combination of technology and tactics to gain access to information. As in this case, criminals use personal information to deceive phone company customer service representatives. Phone hijacking is just one of the many crimes that may lead to identity theft.
Identity thieves also use phishing as a means to gain access to phones. Seemingly harmless links that carry with it harmful malware are sent as a text message or an email to the victim. Upon clicking on it them, these links download information from your phone and broadcast it to devices operated by identity thieves. To protect your devices from malware and viruses that steal information, invest in reliable security software like Norton Security. Identity theft may happen offline too. That is why having an identity theft protection service helps. When this service finds uses of your Social Security number or other personal information, it will send you a notification.† If you know that you didn’t use your number recently, you can let your identity theft protection service know, and they will work with you to fix the potential identity theft.
LifeLock is one such service that offers you identity protection. The unique combination of Norton Security and LifeLock offers comprehensive protection that is needed to explore the digital world safely.
Make sure you are aware of the threats out there. Don’t let criminals take over your phone and your life.
*Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency
No one can prevent all identity theft.
† LifeLock does not monitor all transactions at all businesses.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.