Imagine one day having trouble with your smartphone. You contact your phone carrier for help, but they say you’re no longer a customer, and that you recently transferred your mobile phone account to another carrier. Voilà! You just became a victim of a growing cybersecurity threat—mobile phone account takeover.
Consider the story of Tiffany and Kevin Bennett, who suffered this new form of identity theft.
One day, Tiffany received an email from her mobile phone company saying the password on the mobile account had been changed. She shares the account with her husband, Kevin, and figured that he must have changed the password, so she ignored the email alert.
A few hours later, however, Tiffany could no longer send or receive any messages. When Kevin tried to call her phone number, it rang—but not on Tiffany’s phone.
What happened? Someone hacked into the Bennett’s mobile phone account and forwarded Tiffany’s number to a new phone. All of her calls and texts were being forwarded to this number, too.
The hacker was then able to enroll one of the Bennett’s credit cards, bought on the black market, in Apple Pay. When the credit card company texted the verification code to Tiffany’s number, the hacker received it instead. With access to their credit card, the imposter was able to spend hundreds of the Bennett’s dollars.
Eventually, the Bennetts got back their money and control of Tiffany’s phone number, but the entire process was very stressful and time-consuming.
How did this happen? The Bennetts were missing a crucial but simple security feature on their mobile phone account—a PIN.
1. Set a PIN on Your Smartphone Carrier Mobile Account
The most important thing you can do to stop mobile account takeover is to protect your account with a PIN. Here, we are not talking about setting a PIN or passcode on your physical device, but rather on your account with your mobile carrier.
When you add a PIN to your account, no changes can be made without that PIN. It’s essentially like freezing your credit—until the freeze is lifted, no changes or new devices can be added.
This blocks hackers from accessing information in your account, adding a new device to your plan, or forwarding your number to a new number (like what happened to the Bennetts)—all parts of complex, growing frauds.
Anytime you log into your account online, call your carrier, or visit a physical store, you will be prompted to enter your PIN. You can set this feature up online or over the phone. It only takes a few minutes but adds strong security. Remember, don’t use a PIN that is easy to guess like your birth date or the last four digits of your phone number.
2. Protect Your Smartphone With a Passcode
Recently, Symantec performed a study and dropped 50 unprotected smartphones in public spaces to see what would happen. The results were eye-opening.
They discovered that 89% of people who found one of these phones opened personal apps such as online banking. Sixty percent opened social media, and email apps and 57% tried to open a passwords file. And while 50% of the finders tried to contact the owner of the phone, half of them also took a dive into the owner’s personal life.
Adding a passcode to your device may seem like a simple approach yet one-quarter of smartphone owners do not lock their device.
If you use an iPhone, you have a few passcode options: a four-digit code, a six-digit code, or a custom alphanumeric code. The six-digit or custom alphanumeric codes are the most secure choices. You can enable or change your passcode through Settings, where you select Touch ID & Passcode.
Android users also have multiple options. You can choose from a lock pattern, a four to seventeen digit code, or a password. And while some people like the lock screen option, many security experts warn that it is not the most secure option—someone could guess the pattern by the fingerprints on your screen. Instead, choose the password or a long code. Again, this can be done through the Settings feature.
3. Activate The ‘Find My Phone’ Feature
If your phone is lost or stolen, you’ll be glad you put a passcode on it. But you’ll also want a way to try to get your phone back.
Both Apple and Android phones have built-in features that allow you to track your phone, remotely turn off and lock your device, and even delete the data stored on your device.
For Apple users, this is called Find my iPhone and it is pre-installed on any iPhone running iOS 7 or higher. You can enable it by going to Settings, iCloud, and enable Find my iPhone.
Android users can activate Find My Device on their phone or tablet. To turn this feature on, go to Settings, Google Settings, and then Security.
Note that for both types of devices, you’ll need to activate location services for the feature to work.
4. Update Your Smartphone Software and Apps When Prompted
Often, people are reluctant to update their phone software because they don’t want a new operating system that changes the phone’s interface. But these updates usually are not cosmetic—more often they close known security vulnerabilities. Putting off the update because you don’t want your messages app to change is putting your security at risk.
And the operating system is not the only program that you need to keep updated. All of your apps need to be updated as well. Hackers can find their way into your phone through security holes in outdated apps, so be sure you are updating all of your apps regularly.
And also take note that you should only download apps from the official App stores for your device. Apps outside of these stores are not checked for malware or privacy settings and may compromise your privacy and security.
5. Back Up Your Phone Regularly
Another important action you need to do regularly is to back your phone up to two places—the Cloud and your computer.
The reason you want to regularly back up your phone is so that if something does happen—you download malware or your phone is hacked—you can do a factory reset and essentially erase your phone while knowing your data is safe in two other places. Once you clear your phone, you can download your data from a backup.
To back up your phone to your computer, connect your phone via USB and follow the instructions on your screen.
iPhone users that have enabled iCloud can back up to the Cloud automatically every time the phone is plugged in and connected to Wi-Fi. iPhone users should back up to their computer every so often as well. To do so, physically plug your phone into your computer using the USB charging cord and open iTunes. You will be guided through the process.
Android users can link their phone to their Google account for automatic backups through the Settings folder. To create a backup on your computer, connect your phone using a USB cable and copy your phone’s SD card into a folder on your desktop.
Take Action Today to Protect Yourself From Cyber Theft
You can take these key actions now to protect your smartphone from hackers. As with all cybersecurity choices, you need to decide the level of security you want for your device. Implementing all of these options will give you the best protection, but even choosing just a few will significantly boost your cybersecurity and peace of mind.
If you have any questions, comments, or concerns, I’d be happy to discuss them with you. I’m simply an email or phone call away and can be reached at firstname.lastname@example.org or 330-836-7000. You can also schedule an appointment with us by clicking here.
Many happy returns on life,
Jonathan Torrens CFP®
President and Chief Investment Officer
TCM Wealth Advisors
Is Your Portfolio Prepared For The Next Bear Market?
To see if your current portfolio matches your risk tolerance level, you can take this brief five-minute quiz for a complimentary review of your portfolio:
This information is provided for educational purposes only and is not intended to provide specific advice or recommendations for any individual. It should not be construed as research or investment advice and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy.