Two-step authentication is awesome but it has one immense weakness.
Because many data management or banking system passwords can be guessed or hacked, a fair amount of these services have two-step authentication. You’ve probably experienced this yourself. You go to log on to your bank account online and you have to report back a verification code that you receive in an SMS text message or a phone call. Pretty secure, right? Well, many identity thieves have found a way past this — illegal phone port scamming.
How does illegal phone port scamming allow access to my locked accounts?
If you have ever switched phone companies or even just switched phones, you know how relatively painless it is to take your phone number with you. You typically show up to a mobile phone store location with your phone, phone number, and an ID only to walk out with your phone number now accessing a different device.
Many identity thieves have begun to take advantage of this simple process as well. Armed with your phone number and a phony form of identification, many can steal your phone number with ease — sometimes without even having to visit a physical mobile phone company location. Once armed with your phone number, they can use the verification that your phone number provides to reset passwords and access to bank accounts, email accounts, or even organizational data systems.
How to Know You’ve Had Your Number Stolen
You may go a while without knowing that your phone number has been illegally ported. However, if your phone number stops working normally and only offers calls to emergency services, you should become suspicious. This is the behavior typical of phones that have been ported for use on other devices. If this happens, you should find a way of contacting your mobile provider immediately.
How to Prevent Illegal Porting
Due to the laxity of the porting process, you may feel helpless to prevent the illegal porting of your mobile number. There are a handful of steps you can take to limit your risk of having your phone number illegally ported and your data compromised.
- Be careful with your phone number. Your number cannot be ported without it.
- Be careful with who knows your mobile carrier. If you don’t have a customized voicemail message, the default one likely tells callers who your carrier is. Consider changing it.
- Be skeptical of any requests to confirm your identity over your phone. This may not be a sign that you have been illegally ported, but that someone is attempting to access sensitive data that requires two-step authentication. If you weren’t trying to access one of your accounts and you receive a request to verify your identification, contact that institution immediately.
- Create additional security requirements for changes in your account. Mobile carriers want you to make it easy to make changes in your account. Sometimes, making crucial changes is a little too easy. Voluntarily create additional security preferences required for obtaining or changing sensitive information.
- Minimize sensitive data in your email inbox. Make sure to regularly clean out sensitive bill data from your inbox from time to time. In the event of someone gaining access to your email inbox, they can use this information to confirm your identity elsewhere to gain further access to other accounts.
- Know how to freeze your credit in a pinch. It’s not a bad idea to know how to quickly freeze your credit if you know that someone has illegally accessed your information. This can prevent future identity theft.