Identity theft is one of the worst things that can happen to someone online, and getting rid of the problems that follow might become a never-ending quest. Considering that millions of consumers have had personal details stolen in the last few years, cyber criminals have a seemingly easy task at hand: gathering enough data about a person to start impersonating him or her for financial gain.
Now authorities are now investigating a new type of fraud based on stealing someone’s identity which is currently surging: stealing mobile accounts.
Attackers in these scenarios gain access to a person’s mobile account by impersonating that customer. They proceed to order phone upgrades to high-end devices, usually iPhone, and the devices are then sold to third parties. The owner of the account might not be affected financially, even though he or she could take a temporary hit, but the carrier ends up paying for it.
However, when this type of attack occurs, a person’s mobile phone might unexpectedly die, causing a series of unwanted side-effects. Imagine not being able to log into any online service because your phone doesn’t work for authentication anymore.And imagine an attacker having temporary access to two-factor authentication passwords for your accounts. In most fraud cases, the perpetrator walks away with a brand new phone that has the number belonging to the person who’s targeted in the attack.
Nobody is safe from these attacks. The carriers, NBC News reports, know about the matter and have steps in place to ensure that only an account holder can make changes to a mobile phone account. But if a criminal has personal data belonging to his or her target, then bypassing these security steps is probably very easy.
Dena Haritos Tsamitis, who knows a thing or two about cyber security since she teaches it at Carnegie Mellon University, was a target herself. She lost access to her account in March. When calling customer support, they said she went to a store in New York City where she upgraded two of her phones to iPhones, shutting down the old devices. She lives in Pittsburgh and has not been to New York, and she never authorized the transaction.
“It was a nightmare. It was hugely inconvenient and caused a lot of stress, but it would have been much worse had I needed to use the phone,” she said. “I had to cancel all of my meetings and spend the next day in the phone store.”
Lorie Cranor, who’s the chief technologist for the FTC, had the same thing happen to her on the day her husband died. This goes to show that nobody is safe.
The FTC is aware of this type of fraud and it’s investigating cases. The number of incidents, however, is increasing at a steady pace. In January 2013, some 1,038 cases were recorded. Three years later, the number reached 2,658.
If you’re the target of such an attack, it’s likely that criminals have somehow stolen plenty of details about you. That means you should start securing your digital assets with better passwords immediately. The next time they try to impersonate you, they might be going after something else that could be a lot more damaging financially.
You should also enable a second layer of security for your mobile account, a password or PIN that would be required to make changes to it. All carriers offer the feature – here’s how to enable it.