Prevent scammers from taking control of your phone to perpetrate identity theft and fraud
Do you pay as much attention to protecting the security of your phone as your computer?
You may want to consider starting to because your phone is a gateway to your financial, social media, email and other personal accounts. Fraudsters are continuously devising new schemes to take control of your phone to perpetrate identity theft and fraud—and if they succeed, the damage can be significant.
Picture this: One day your cell phone just stops working. You can’t initiate or receive any calls or text messages. To understand how scary that is, think about the times you’ve needed to reset a password and were asked to provide a one-time passcode sent to you via text. Now imagine that you’re not on the receiving end of those texts, but a fraudster who has taken over control of your phone is—and is resetting the passwords for all of your sensitive logins.
So how does a fraudster get control of your phone number in the first place? This kind of identity theft scam is often called a “phone porting” or “SIM-swapping” attack.
Here’s what typically happens: The scammer gathers personally identifiable information (PII) about you—things like your name, address, date of birth and Social Security number—then calls your mobile carrier, pretends to be you and convinces the service representative to transfer your number to a new service or device.
To help combat phone scams, many carriers are now allowing you to add extra security to your account. This way, if and when you have a legitimate need to transfer your number, you’ll be asked to provide a special personal identification number (PIN) code or answer an identity verification question. An ounce of prevention really is worth a pound of cure. Call your carrier today to understand what proactive security measures you can put in place.
For your sensitive account logins, you should also consider multi-factor authentication offerings that aren’t tied to your phone number. At Morgan Stanley, these include device registration, push notifications, biometrics (face/touch ID), authenticator apps and security keys.
If you suspect you’re the victim of a phone porting attack, contact your mobile carrier and financial institutions immediately to let them know. Reacting quickly is a key way to help limit the damage.
We’ve all been there—you’re sitting at home, trying to enjoy a nice dinner and your phone won’t stop buzzing with calls from unknown numbers.
While reputable entities like banks and political parties use robocalls, a large number of these calls originate from illegitimate telemarketers pushing travel prizes or fake computer security services in an attempt to steal personal information. Many illegitimate robocallers spoof their numbers so it looks like it’s coming from your area code or is a valid business or a government agency like the IRS.
These calls aren’t just annoying, they may also collect your voice print, which can then be used to commit identity theft or other types of fraud against you through voice-authenticated telephone systems.
While it’s difficult to completely eliminate robocalls, you can follow these tips to reduce the amount of robocalls you receive and better protect yourself from fraudsters:
- Only answer phone calls from numbers you recognize. It’s perfectly okay to let unknown callers go to voicemail and then check to see if the message is legitimate. If you receive a call from someone claiming to be from an entity, contact the organization through a trusted phone number or website.
- Enable “Do Not Disturb” on your mobile device, if available. With certain configurations, this feature can restrict calls to numbers in your contacts.
- Add your home and mobile phone numbers to the National Do Not Call Registry. This should help reduce the number of calls you receive, but there’s no guarantee an illegitimate robocaller will honor the registry. You can visit DoNotCall.gov to register your numbers.
- Hang up immediately if you hear a voice asking a question such as “Hello, can you hear me?” Answering affirmatively with “yes” may allow your voice print to be collected and used for unauthorized voice acknowledgements later without you realizing it.
- Avoid pressing a number to be connected to a representative when an inbound call requests this action. It may be a way to confirm your number is active and lead to even more unwanted calls.
- Use Caller ID Authentication to help identify and block known or suspected spam callers.
- Take advantage of app-based solutions from phone carriers that limit robocalls on mobile devices. But, do your research first because third-party spam blockers found in app stores may share data about you with other companies.
- Activate Anonymous Call Rejection for your landline. Press *77 to automatically block calls from numbers who hide their Caller ID information.
Just like with robocalls, robotext fraudsters use a variety of messages to lure you into responding to them.
Some common scams revolve around topics such as guaranteeing prizes, offering low-interest credit cards, paying off student loans, extending car warranties, pretending there’s suspicious activity on your accounts and providing fake package tracking numbers.
How can you fight back against these fraudsters? Try these suggestions:
- Don’t engage in any manner with unwanted texts from questionable sources, including clicking on links. If you’re in doubt about the authenticity of the text, you can always contact the company in question by calling their official phone number listed on their website.
- Use your mobile phone’s filtering settings to block text messages from unknown numbers or senders. Your wireless provider may also offer this service. Activate call-blocking apps from your phone carrier, as they can often block unwanted text messages.
- Report robotexts to your mobile carrier by copying the original message and texting it to 7726 (SPAM).
No matter if you’re dealing with calls or texts, keep in mind that your phone is the focal point for much of your life. So, don’t compromise when it comes to its security.