Is your mobile phone number freely available on the internet? If so, then a hacker may be able to use that number to steal your wallet.
A new security report shows that a growing number of online attacks involve something simple and seemingly innocent: your mobile phone number. Many people post their mobile phone number online, or make it freely accessible to anyone who asks. However, hackers have taken advantage of this to take control of a victim’s phone.
Yes, it’s true: a skilled hacker can gain control of your phone and wallet simply by knowing your phone number.
How It Works
Here’s how it works: a hacker spots your phone number online.
Then, they call up a carrier like Verizon, T-Mobile, Sprint, or AT&T. The hacker asks the carrier to transfer control of a victim’s phone number to a device under the control of the hackers.
The hacker might say their phone has been stolen, for example, or their phone has been damaged and they need to transfer the number to a new phone.
If the carrier falls for the attack, then the attacker can get control of your phone number and reset the passwords on any account that uses your phone as a security backup.
Today, many people use two factor authentication with Google, Twitter, and Facebook, or use their phone as an SMS backup.
The attacks seem to be particularly targeted towards digital currency investors.
“My iPad restarted, my phone restarted and my computer restarted, and that’s when I got the cold sweat and was like, ‘OK, this is really serious,’” said Chris Burniske, a virtual currency investor who lost control of his phone number late last year, as interviewed by the Montreal Gazette.
Attacks have also been targeted towards members of the Federal Trade Commission and a member of the Black Lives Matter movement.
Thousands of Attacks Occur Every Month
Thousands of SMS spoofing / phone number stealing incidents are reported each year. However, a growing number are targeted towards individuals like Burniske, who lost $150,000 in virtual currency to the attackers.
Other cryptocurrency users echoed the sentiment. Another individual interviewed by the Montreal Gazette claims he lost about $1 million in virtual currency after hackers took over control of his phone number.
That individual claims he even contacted his carrier and requested additional security for his account – like the ability to prevent device changes. His wife and parents had recently lost control of their phones in similar incidents. Even with these additional protections, unfortunately, he still lost control of his phone number.
How to Prevent Attackers from Stealing your Phone Number
Ultimately, carriers are getting smarter about defending against phone number stealing attacks. Nevertheless, thousands of such attacks still occur every month.
Talking to your carrier might help – but it’s not a foolproof solution. The man who lost $1 million in bitcoin we mentioned above, for example, had previously called his carrier and warned that he was being targeted.
Fortunately, mobile phone carriers have announced they are taking steps to avoid these attacks. Some carriers allow you to add a PIN to your account. You’ll need to tell your carrier that PIN if you want to make any changes to your account.
The best way to avoid SMS spoofing attacks and phone number stealing attacks is to remove your mobile phone number from the internet.
Another way to avoid attacks is to avoid talking about the value of your phone on the internet – don’t advertise your cryptocurrency holdings, for example, or make yourself a target for other reasons.
Ultimately, there’s no foolproof way to prevent these attacks. You trust your carrier to safeguard your account – but in reality, carriers have repeatedly dropped the ball and allowed hackers to gain access to your account through a simple SMS hack.