Should your Phone Number Be a Secret?
If you've listened to anyone talk about online security or read any of my other posts here, you have probably heard a lot about keeping your passwords safe. Something that is far less spoken about is the security of your wireless phone number. Maybe we should be treating phone numbers with the same confidentiality that we do passwords.
I know this sounds crazy, but hear me out.
Your phone number is tied to a lot of sensitive information.
Many companies have conveniently provided the option of adding a phone number to your account, which can be used to recover it if you get locked out. Does this look familiar?
And if you are as forgetful as me, this can be a lifesaver.
Phone numbers are also typically tied to account-strengthening measures like two-factor authentication.
Two-Factor Authentication = A method of confirming a user's identity by two different sources when logging into an account.
Unfortunately, this has gotten the attention of sinister hackers. Gaining access to a victim's wireless account can unlock access to emails, bank accounts, social media, etc. Yikes!
Once they have gained access to these accounts, they may hold them for ransom, scam your friends and family, or use them to send spam, to name a few.
How do they do it?
The tactic is known as SIM Hijacking or a Port Out Scam, and it's a lot more common than you think. The attacker is able to execute the attack by contacting your wireless provider and pretending to be you. This technique is known as Social Engineering.
Social Engineering = The use of deception to influence or manipulate individuals into divulging confidential or personal information that may be used for malicious purposes.
In early 2018, T-Mobile saw so many occurrences of it that they sent out a mass text message to all of their customers warning about it.
Instagram even released mobile-app-based two-factor authentication to combat Instagram accounts being taken over through the use of SIM hijacking.
So how do I protect my phone number?
Set a PIN on your wireless account.
This PIN will be required to make any sensitive account changes, like swapping your SIM card. Most of the major wireless providers now offer this option.
Sprint requires that you set this up when you activate your account. So if you’re a Sprint customer, you’re set on this one.
Create a virtual phone number (aka VoIP)
Once you have set up your virtual phone number, update the account recovery settings and two-factor authentication to use your new virtual phone number.