Tech Tips: Phone Fraud

You’re sitting at home and suddenly, your phone stops working. No data, no phone calls, no text messages. You call Sprint and they tell you that your SIM card has been activated on a new device. Confused, you start logging into your accounts online and find that your passwords no longer work. And your bank account has been drained. What’s going on?

Chances are, you’ve been hacked. SIM Swap fraud is one of the fastest-growing forms of cyber-crime across the world, and it works because we have become so dependent on our mobile phones.

How does a SIM Swap work?

Simply put, a SIM Swap is when someone steals your mobile phone number.

Here’s how it works:

  • A cyber-criminal calls your carrier and poses as you. 

    • They claim their SIM card is lost or is not working properly;

    • They are able to convince your carrier that they are you by using information gathered from your social media, a successful phish or information found on the dark web; 

  • The hacker ports your phone number to their device, allowing them to perform routine password changes; 

    • Many of the online services that you use will simply send a text to you for confirmation when you want to change your password or you forgot your UserID. Since the hacker has your cell number, they receive this confirmation text; 

  • Once they change your password, they own your account.

This hack has been around for a while. Back in the day, criminals only attacked high-profile, wealthy bitcoin dealers. Not many of those guys around any longer. Now they’re targeting the rest of us.

Here are some ways to prevent this hack:

  • Start with your mobile service provider. While most carriers still default to using a standard PIN and/or security questions, this isn’t enough. Ask what other security measures they offer so that someone can’t impersonate you on the phone or in the store; 

    • It may be inconvenient, but it’s worth it;

  • Next, catch up with your bank. Most financial institutions have automated alerts to let you know when something happens on your account. Use all alerts your bank offers.

    • Just ignore the false positives.

  • Learn to recognize phishing emails and other scams. That’s how it usually starts;

  • Take it easy on what you provide on your social media accounts – keep your personal information private;

  • Use two-factor (or multifactor) authentication (MFA) whenever possible, especially on non-Duke systems;

  • Switch from SMS to encrypted messaging apps;

  • ALWAYS report suspicious behavior to your cell phone provider and your bank.
