Hackers are hijacking cell-phone numbers as a way to take over financial and social-media accounts.
How it works: A hacker calls your mobile-phone service provider, claims to be you, says that your phone was lost or broken and asks to have the phone number and account transferred to a different cell phone—one that the hacker controls. If the customer service representative doesn’t fall for the ruse, the hacker keeps calling back until he/she reaches a rep who does.
To verify customers’ identities, many sites send a onetime security code to a phone number that the customer provided—which now may be the number that the hacker controls. If accessing an account also requires a password, the hacker may claim to have forgotten this password and ask to have it reset, knowing that a new temporary code will be sent to the number he now controls. Using this method, he might be able to loot your financial accounts, take over your social-media accounts and/or send messages in your name to your contacts.
What to do: Ask your cell-phone service provider whether it’s possible to add a special verbal “call-in” password or PIN to your account that will have to be provided by anyone trying to make changes to the account over the phone. Most providers now will do this upon request. Also avoid entering your cell-phone number on forms unless it’s mandatory—prying eyes at many companies could be collecting numbers. Supply a landline phone number instead.
Ask your financial companies whether they offer “app-based” two-factor authentication, and sign up for it if they do. With this, the onetime code needed to access your account is sent to your phone not as a text message but through a password-protected app on your phone, creating an additional layer of security.
If your phone screen says “no signal” or “emergency calls only” when you are somewhere where you usually have reception, and turning the phone off and back on does not fix the problem, immediately contact your cellular provider from a different phone to ask whether any changes have recently been made to your account.