Identity Theft is big business for the unforsaken. The Equifax hack is a jinx that will never be forgiven, or soon forgotten, for most Americans. Our Social Security numbers have become our public identifiers for accessing private information and our mobile phone numbers, and SMS text messages, have become our rooted record of no return as the bad actors try to become us by stealing, tainting, or compromising, our sacred identifier streams.
We can try our best to harden what belongs to us — or at least make it more difficult for those who actively choose to harm us to create lasting damage. Unfortunately, 15 minutes of lost control of your phone number can be enough to steal many other founts of treasure that should belong only to you. Control the phone number; manipulate the person; win the assets.
In a recent Reddit thread, I shared some of the following information in this article. As I republish, and rethink, my original warnings here with you today, I want to make sure you are aware of the dangers around you beyond someone just stealing your mobile phone number. You don’t have to be famous, or have a lot of money, to be an identity theft target. Some people get a thrill just knowing they’re ruining your day.
Many of us use our mobile phone numbers to unlock our online lives or as the main, or backup method, for 2-Factor Authentication. Don’t! Remove your mobile phone number as pathway for resetting bank accounts, online accounts, and other services using SMS text messages, or even a phone call. If you lose control of your phone number, anyone can become you.
As well, some use their mobile phone number as a backup — a reset trigger if you forget your password or 2FA method. Delete your phone number from your reset method, especially for anything Google. Use a Google Voice number for SMS instead. Don’t let your wireless mobile phone reset your Google account!
There are all forms and methods of identity stealing and fabrication. Don’t let your mobile phone be an easy way into hacking away the last, remaining, bits of your life.
Always be aware — set email alerts for all online accounts.
Always be paranoid — never stoic.
Yes, someone is always out there actively working to get you!
Verizon Database Hack struck me today! Fidelity account compromised. Stopped it in time. If you called Verizon in the last 6 months, beware! pic.twitter.com/jTEAIOwjvw
— David Boles (@DavidBoles) July 13, 2017
Here’s what I originally posted on Reddit. If you have any questions, ask!
You need to call VZW and tell them you want to lock down your phone number and account and everything else on your account, too, including other phones and tablets.
You may have to help the VZW rep know what to do.
Here’s what to say:
Tell VZW you want a “port lock” on your account so someone cannot easily just port your phone number to another wireless company using the other company to initiate the phone number change.
Ask VZW to place a “fraud alert” flag on your account that will pop up every time you call. That should put the VZW rep on notice that you have had ID security threats in the past and to be extra cautious for any sudden account modifications that seem out of spec.
Ask VZW to NOT use your SSN for ID.
Have VZW lock your SIM card to your phone — so someone cannot easily “SIM swap” your phone number to their burner phone.
Put a PIN lock on your account — so when you call — someone cannot easily make changes to your account, including unlocking everything you set to be locked.
Unfortunately, the truly dedicated “someones” — other than you — call 600 times to get a sympathetic first line voice who will undo everything you’ve done — because the dedicated someone knows just the right human buttons to push to get changes made.
Technically, once a PIN is locked on your account — you can only make changes if you forget the PIN — by going into a local VZW store and showing government ID and a VZW bill to prove your identity.
However, some VZW phone associates will disregard the PIN if the caller is convincing enough — shouldn’t happen — but it does. Sob stories are effective!
You should also be wary of using the VZW online portal. Hardcore ID protection folks want that turned off, too, and never want you to use any web service for vital changes to communication.
The real danger to SMS isn’t really theft, porting, or unlocking, it’s interception.
SS7 is the real culprit here.
SS7 is a necessary evil — as I understand it — because that’s the method the NSA and CIA use to intercept, and track, threats; and there are “someones” out there who wish to use the same technology to do harm.
Let’s hope all the cellular companies work together to lock down our phone numbers and protect our SMS messages!