T-Mobile data breach and SIM swap scam: how to protect your identity

Just when you think of the massif T-Mobile hacking can’t be worse, the carrier announced on Friday that more than 50 million people, including current and former customers as well as prepaid customers, were affected by the violation. Information such as social security numbers, driver’s licenses and account PINs were exposed. Here is some steps you can take now to protect your financial information.

Whether or not you are a T-Mobile user, exposure of account PINs is a major danger. It’s the the password that you are asked to deliver to a T-Mobile employee before changes can be made to your account. A scammer who knows your account password can call customer service and request that the SIM card linked to your phone number be replaced with a new SIM card and a new device, thereby taking over your phone number. If you switched from T-Mobile to another carrier and used the same password, you should change it immediately.

Sim swapping isn’t just a downside. Once someone takes over your phone number, they can use it to impersonate you or log into your online accounts. They can get instant access to any two-factor authentication codes you receive via SMS, the PIN code an institution sends you via SMS to verify your identity.

So if they also have your password or other personal information, they’re just a few clicks away from logging into your email, banking, or social media accounts. And if someone accesses your email account, they can change other passwords and search your email archives to create a list of all of your online presence. Take time move away from 2FA SMS codes and use app-based codes instead. Seriously.

For example, Matthew Miller, a contributor to CNET’s partner site ZDNet, was the victim of a SIM swap scam and he experienced the fallout for months. Whoever took Miller’s phone number got access to his Gmail account and quickly changed his password, then erased all emails, deleted all files from his Google Drive account, and finally deleted his account completely. Gmail.

Miller later found out that he was being targeted because he had a Coinbase account and his bank account was linked to it. Miller’s phone received the two-factor authentication code for his Coinbase account, so the hackers were able to log into his cryptocurrency trading account and buy $ 25,000 worth of Bitcoin. Miller had to call his bank and report the transaction as fraud. This adds to the immense vulnerability he felt.

To be clear, this is not a T-Mobile specific issue. All wireless operators and customers can be victims of SIM swap fraud. Below are some tips for securing your wireless account.

How to prevent SIM card swapping on your account

You can reduce your chances of someone accessing and taking over your phone number by adding a PIN or password to your wireless account. T-Mobile, Verizon, and AT&T all offer the option to add a PIN code.

If you’re not sure if you have a PIN or need to create one, here’s what you need to do for each of the major US carriers.

• T Mobile: Configure the T-Mobile Account Takeover Protection Service. You need to add the functionality to each individual row in your account. I also suggest changing your account PIN (if you are not prompted to do so while setting up account takeover protection).

• AT&T: Go to your account profile, sign in, then click Sign in information. Select your wireless account if you have multiple AT&T accounts, then navigate to Manage additional security under the Wireless access code section. Make your changes, then enter your password when prompted to save.

• Verizon wireless: Call * 611 and request a port freeze on your account, and visit this web page to learn more about enabling enhanced authentication on your account.

If you have service through another operator, call their customer service number to ask how you can protect your account. Most likely, you will be asked to create a PIN or password.

When creating a PIN or password, keep in mind that if someone has enough information to pretend they really are you, using a birthday, anniversary, or address as a PIN will not. will not cut. Instead, create a unique access code for your carrier, then store it in your password manager. You are using a password manager, right?

How to know if your SIM has been exchanged

The easiest way to tell if your SIM card is no longer active is to completely lose service on your phone. You can receive an SMS indicating that the SIM card of your number has been changed and call customer service if you have not made the change. But with your SIM card no longer active, you won’t be able to make a call from your phone, not even to customer service (more details below).

In short, the fastest way to find out if you’ve been affected is if your phone loses service completely and you can’t send or receive text messages or phone calls.

What to do if you are the victim of SIM swap fraud

The truth is, if someone wants to gain sufficient access to your phone number, they will do everything possible to deceive your carrier’s support representative. What we’ve described above are best practices, but they’re not foolproof.

Researchers were able to impersonate account holders who forgot their PIN or access codes, often providing recent outgoing calls from the target phone number called by the actual account holder. How do they know these numbers? They prompted the account holder to call. Even more frightening, researchers have sometimes been able to provide phone numbers for incoming calls to the account they want to support. This means that the villain simply needed to call the target’s phone number himself.

Once you realize that you have lost the service on your mobile device, immediately call your carrier and let them know that you have not made the changes. The carrier will help you regain access to your phone number. I cannot stress this enough – do not wait to call. The longer someone has access to your phone number, the more damage they can cause.

Here are the customer service numbers for each major carrier. Put your operator’s number in your phone as a contact:

• AT&T: 1-800-331-0500
• T Mobile: 1-800-937-8997
• Verizon: 1-800-922-0204

With your SIM disabled, you won’t be able to call from your phone, but at least you’ll have the number handy to use on someone else’s device.

You’ll also want to contact your banks and credit card companies, and double-check all of your online accounts to make sure the perpetrator hasn’t changed your passwords or made fraudulent transactions. If you find any transactions that are not yours, call your bank or go to a branch immediately and explain the situation.

Remember that no matter how many PINs or passwords we add to our online accounts, there is always the possibility that someone will find a way to break into. But at least by setting a password for your account and knowing what to do if you find the victim of a SIM swap, you’re good to go.

Another essential aspect of strong online security is to use a password manager to create and store unique passwords on your behalf. In addition, activate two-factor authentication on each account that offers it. And make sure you are not fall for robocalls Where Fraudulent SMS.