Mobile Phone Numbers Are as Sensitive as Your Social Security Number

All of us have cell phones these days, and if you are like the vast majority of the population, you access everything from social media to banking information right from your mobile phone. However, if you do this, which everyone does, you are putting yourself in the position to get hacked. With only your mobile phone number and a couple other pieces of information, a hacker can get into these accounts and your life could drastically change.

How does this work? If a hacker already has your mobile phone number, they can get other information, such as your address, birthday, or even the last four digits of your Social Security number, through social engineering schemes via email or on social media. Once they have this information, it’s like handing your phone over to them and letting them do as they please, including accessing your accounts.

The scam may not even begin with you; it may begin with the mobile phone companies themselves. There have been many incidents where the carriers are scammed into handing over troves of personal identifying information to scammers posing as the victim. In many cases the phone companies are even allowing the scammers to get phones with the actual victim’s phone number by transferring everything to a new phone the perpetrator charges to the victim’s account.

Here are some things that you can do to keep your mobile phone number safe:

Use Your Passcode – You can and should put a passcode on your phone. This isn’t totally foolproof, but does give you an extra level of protection.

Add a Passcode – Your mobile carrier’s online account should have an additional second passcode to make any changes to your account. This additional passcode works with both the web and calling customer service. Nothing happens unless this additional passcode is presented.

Disable Online Access to Any Mobile Phone Account – This is frustrating, of course, but it certainly can protect you. If you need to change your account, you should go to the store or call your provider.

Use Google Voice – Google Voice is an excellent choice for many, and you can even forward your current number to your Google Voice number. This helps to mask any call you make, which means no one can have access to your real number.

Access Your Cell Phone Account with a Carrier-Specific Email Address – Most of us use our email addresses and phone numbers to access our online accounts. However, you should really have three separate emails. One should be your primary email address, one should be only for sensitive accounts, like your bank or social media accounts, and one for your mobile phone carrier. This means, even if your main email is hacked, the hackers cannot get into your other accounts.

Talk to Your Carrier – Consider asking your carrier to make a note in your account to require a photo ID and special passcode before any changes are made. Though it’s possible that a hacker could pose as you with a fake ID, the chances are quite low that this would happen.

Use Complex Passwords – One of the best ways to protect online accounts is to use complex passwords. Or at least a different password for every account. You should also use a password manager. If you don’t, make sure your passwords are very random and very difficult to guess like “58&hg#Sr4.”

Do Not Be Truthful – You also might want to lie when answering your security questions. These are easy to guess or discover. For instance, it’s probably easy to find out your mother’s maiden name. So, make it up…just make sure you remember it!

Don’t Use Your Phone Number for Important Accounts – Also, make sure that you aren’t using your phone number for any important account. Instead, use that Google Voice number. 

Use a Password Generator – Protect yourself by using a one-time password generator as part of a two-factor authentication process. The generator may be your mobile phone or a device that looks like a keyfob, and it produces a new password very frequently. The only way to get the password is to access the generator or your mobile.

Use a Physical Security Key – You should also think about using a physical security key. To use one, you must enter your password into the computer, and then insert a device into the computer’s USB port. This proves that you are the account owner. So, even if a hacker gets your password, they must also have the physical security key to access the account.

Think About Biometrics – Finally, to really protect your accounts, when available, use biometrics. You can buy biometric scanners that read your fingerprints, your iris, or even recognize your voice. When you use these, you cannot access any account until you scan your finger, eye, or speak.

Yes, it’s true that some of these seem time consuming, but it is much more time consuming to have to deal with getting hacked or a stolen identity. So, take these steps to remain as safe as possible.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Stop Your Cellphone from Getting Hacked

If you are like most of us, you probably have a password, antivirus program, and a firewall for your home computer to protect it from hackers. Are you doing the same thing for your phone?

From 2015 to 2016 malware infections on smartphones swelled by 96%, and about 71% of the smartphones out there do not have any software at all to protect them. What does that mean for you? It means the odds are against you when it comes to getting your phone hacked. Luckily, there are some things you can do to protect your mobile phone from hackers:

  • Update Your Operating System – Many people skip updates for some reason. Don’t put it off. Most of these updates contain security fixes that your old operating system didn’t have.
  • Put a Lock On It – If your phone doesn’t have a passcode on it, it’s like leaving the front door of your home open for burglars. Hackers will get in; it’s just a matter of time. If you can, use a biometric method, like a swipe or finger tap. In addition, set up a good passcode. Make sure it’s totally unique and nothing a hacker can guess, like your address or birthday.
  • Use Caution with Public Wi-Fi – Public Wi-Fi is great, in theory, but it can also be dangerous, as it is very easy for hackers to access your info. It’s usually pretty safe to use a public Wi-Fi connection for things like catching up on the news or watching a movie, but don’t put any personal information into your device such as your banking password or credit card number.
  • Check Up On Your Apps – Hackers often use phone apps to access data. So, to make sure you are really safe, make sure to delete any apps that you aren’t using regularly. An outdated app can be dangerous, too, so make sure to always update when one is available. Also, only download apps from reputable sources like Google Play and iTunes.
  • Use a VPN – Finally, use a VPN, or virtual private network. This will encrypt your information when you use it over a public network. They are free or cheap, usually $5 to $30, and that small investment is definitely worth it for your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Your Hacked Mobile Phone Number is Like Your Social Security Number

If you have a cell phone, and you use it in any way associated with accessing online accounts (and many do), you are putting yourself at risk of getting hacked. With only a phone number and a bit of information, which is easy to get through social engineering, a hacker can break into your personal and financial accounts.

This works by getting information about you, such as your birthday, address, or even the last four digits of your Social Security number…information that is readily available…and then creating a plausible story to gain access to your phone account, phone and various online accounts. Once they have access to your accounts, they can change the phone number, get a new SIM card and then change account passwords, and you will be unable to access the affected accounts. Below, you will find some tips to help you protect your phone number:

Use a Passcode

If you have the option to put an additional passcode on your phone account, do it. Though this isn’t foolproof, it will certainly help to give you some added protection.

Disable Online Access to Cell Phone Accounts

I’m not doing this, but some should. This might be frustrating, but it will further protect you. If you need to make a change, you can call or go into the store.

Consider Using Google Voice

Google Voice is a safer option for many, and you can even forward your existing number to Google Voice. This helps to mask the calls you make, which means no one would have access to your real number.

Use a Carrier-Specific Email to Access Your Mobile Phone Account

If you are like most people, your email address and phone number help you to access most of your internet-based accounts. Ideally, instead, you should have a minimum of three email addresses: your primary address, one for your mobile phone carrier only, and one for sensitive accounts, such as your bank and social media. This way, if your primary email is compromised, a hacker cannot access your sensitive accounts.

Ask Your Carrier for Account Changes

Finally, you can ask your carrier to only allow account changes in person with a photo ID. Though there is still a chance that a hacker could pose as you with a fake ID, the chances are much lower.

There are also some steps that you can take to protect all of your online accounts:

Create Complex Passwords

One way to protect your online account is to create complex passwords. It’s best to use a password manager that creates random, long passwords. If you don’t use a password manager, create your own password of random numbers, cases, and special characters. These might include “4F@ze3&htP” or “19hpR$3@&.” Try to make up a rule to help you remember them.

Don’t Tell the Truth

Another thing that you can do is to stop being truthful when answering security questions. For instance, if a security question asks what your mother’s maiden name is, make it up. Something like this is too easy to guess…just make sure you remember it!

Don’t Connect Your Phone Number to Sensitive Accounts

You also should make sure that you are not connecting your phone number to any sensitive accounts. Instead, create a Google Voice number and use this for your sensitive accounts.

Use Passcode Generators

Passwords are easily stolen via keyloggers, which are software that records keystrokes. You can protect yourself from this by using a one-time passcode generator. This is part of the two-factor or multi-factor authentication process. These generators are wireless keyfobs that produce a new passcode with heavy frequency, and the only way to know the passcode is to have access to the device that created the passcode.

Use Physical Security Keys

You also might want to consider using physical security keys. To use these, people must enter their passwords into the computer, and then they must insert a physical device into the USB port, proving that they are the account owner. This means, in order to access an account, a hacker must not only know the password, they must have the physical device.

Consider Biometrics

Finally, if you really want to protect your internet accounts, you should use biometrics. You can purchase biometric scanners, such as those that read your iris, fingerprint, or even recognize your voice. When using these, you will be unable to access your accounts unless you provide this biological information. There are a number of devices on the market that do this.

Though these steps might seem a bit time-consuming, they can be the difference between keeping your private and financial information safe and getting hacked.

Mobile SIMs Hacks Cause Concern

A crook can steal your identity by taking control of your wireless phone account—by pretending to be you in person at the mobile store. The villain can then buy pricey mobiles and sell them—and guess who gets the bill but not the profit.

Symptoms of Hijacked Account

  • Suddenly losing service
  • Your carrier says you went to a store, upgraded a few phones, then shut down your old device.
  • Or, the rep will straight-out ask if the problem is with your new iPhone—even though you never purchased one.
  • You were never at the store and never authorized any account changes.

If this happens to you, says an article at nbc-2.com, you’ll need to visit the carrier’s local store, show your ID and get new SIM cards. The carrier absorbs the costs of the stolen new phones.

But it’s not as simple as it sounds. What if in the interim, you need to use your phone—like during an emergency or while conducting business? Or your phone goes dead just as your teen calls and says she’s in trouble?

The thief, with a fake ID, waltzes into a store that does not have tight owner-verification protocols, and gets away with changing the victim’s account and buying expensive phones.

The nbc-2.com report says that this crime is on the increase and is affecting all four of the major mobile carriers: AT&T, T-Mobile, Verizon and Sprint.

Here’s another thing to consider: The thief may keep the new phone, which still has your number, to gain access to your online accounts via the two-factor authentication process—which works by sending a one-time numerical text or voice message to the accountholder’s phone.

The thief, who already has your online account’s password, will receive this code and be able to log into the account. So as innocuous as stolen phones may seem, this can be a gateway to cleaning out your bank account. The thief can also go on a shopping spree with mobile phone based shopping.

We’re all anxiously waiting for mobile carriers to upgrade their store security so that people just can’t strut in and get away with pretending to be an accountholder. Biometrics come to mind. Photo IDs are worthless.

In the meantime, accountholders can create a PIN or password that’s required prior to changing anything on the account.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to protect your Mobile Phone from Hackers and Thieves

Let’s cut to the chase:

  • Regularly back up the phone’s data! If this is done every day, you won’t have to worry much about losing important information if something happens to the phone—such as a ransomware attack.
  • Keep the phone’s software and applications updated.
  • Delete apps you no longer use, as these can reveal your GPS coordinates and garner data about you.
  • Never post about your vacation while you’re on vacation.

But there’s more:

  • Employ the device’s password-protect function (which may even be a biometric like a fingerprint).
  • If the phone has more than one type of protection, use both. You just never know if the phone will get lost or stolen.

Public Wi-Fi

  • Never use public Wi-Fi, such as at airports and coffee houses, to make financial transactions.
  • Though public Wi-Fi is cheaper than a cellular connection, it comes with risks; hackers can barge in and “see” what you’re doing and snatch sensitive information about you.
  • If you absolutely must conduct sensitive transactions on public Wi-Fi, use a virtual private network or a cellular data network.

And yet there’s more:

  • Switch off the Wi-Fi and Bluetooth when not in use. Otherwise, your physical location can be tracked because the Wi-Fi and Bluetooth are constantly seeking out networks to connect to.
  • Make sure that any feature that can reveal your location is turned off. Apps do collect location information on the user.
  • What are the privacy settings of your social media accounts set to? Make sure they’re set to prevent the whole world from figuring out your physical location. This is not paranoia. As long as you’re not hearing voices coming from your heating vents, you’re doing fine.
  • Are you familiar with the remote wipe feature of your mobile device? This allows you to wipe out its contents/files without the phone being in your hand—in the event it’s lost or stolen. Enable it immediately.
  • And also enable the “find my phone” feature. You may have lost it inside your car’s crevices somewhere.

I want a Cell Phone Jammer

Well, we certainly can’t blame Dennis Nicholl for breaking the law. Frankly, had I been nearby him when he did it, I would have kept silent and let him continue breaking the law—unless, of course, I was engaged in some loud, planet-moving discussion with a world leader.

Nicholl, 63, was recently on a Chicago subway train. He brought with him a cell phone jammer. Unfortunately for Nicholl that day, Keegan Goudie was on the same train. Goudie, a blogger, noticed the infraction and began blogging about it. One thing led to another and Nicholl ended up being charged with the unlawful interference with a public utility.

Someone called 911 on him. Though Nicholl was breaking the law, arguably, he wasn’t committing any act that was putting anyone else’s life or limb in immediate danger. Or was he? I’m sure we can all get creative here.

Anyways, Nicholl’s lawyer says his client meant no life or limb danger. Like most of us, Nicholl only wanted some peace. Cell phone users tend to talk a lot louder into their phones than to people sitting right next to them. Sometimes, they’re outright obnoxious. They should be glad the infraction is only a cell phone jammer and not someone’s angry hands.

If making calls becomes allowed on airplanes in flight, it won’t be pretty. It’s bad enough when some fool talks loud while waiting for the boarding door to close. Nobody wants to hear how big the deal you are closing is or that Timmy scored a goal in soccer. Stop being a jerk.

So why is interference with a conversation via electronic device illegal, yet it’s not illegal to “jam” riders’ cell phone yakking with loud whistling, singing, loudly yakking to oneself or playing a harmonica?

Because these non-techy interference techniques can’t jam up someone’s legitimate call to 911. Nicholl’s jammer could have prevented another rider from getting through to 911 to report sudden difficulty breathing. So if you’re hell bent on using a cell phone jammer, maybe make sure first that everyone looks healthy?

The punishment is heavy. A Florida man had to cough up $48,000. Also in Florida, a teacher was suspended after jamming his students’ phones. A priest was even busted for using one in church. Ahh, technology.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Want Mobile Privacy? Read

If you don’t want your smartphone to know more about you than you do, here are top choices, as detailed on gizmodo.com:

Blackphone 2

  • The Blackphone 2 will black out the federal government from spying on you.
  • Has a five inch handset with full HD screen (with Gorilla Glass 3 that prevents shoulder surfing).
  • 3 GB of RAM
  • Its Silent Circle’s PrivateOS 1.1 provides a “Spaces” UI: Data will be encrypted and compartmentalized.
  • The “Spaces” allow you to set up distinct spaces for different types of data, including a Silent Space that’s akin to Chrome’s incognito mode.
  • The Silent Suite allows you to keep various kinds of communications encrypted.
  • Also provides a Silent Store for apps.

Nokia 3310

  • This outdated “dumb phone” might still be available out there, somewhere.
  • The dumb phone is not capable of transmitting data through cyberspace. Thus, you don’t ever have to worry about being “followed,” “tracked” or hacked into.
  • If you’re comfortable not being connected to the Internet of Things, this phone is for you—if you can find one.

Payphones

  • If you want to pretty much guarantee that you’ll be untraceable, then use payphones.
  • Locate the payphones in your town and anywhere you normally travel, so that when it’s time to make a call, you won’t be spending time hunting for the phone.
  • Always have change on you, too.
  • To be even more non-traceable, always have in your car a thin pair of gloves to prevent your fingerprints from being on the phone.

Honorable Mention: Apple iPhone/Microsoft Lumia 930/Google Nexus 5

  • Apple, Microsoft and Google are no crazier about government surveillance programs than you are.
  • Nevertheless, their phones gather data—but at least it goes to the maker of these devices rather than to the government.
  • The manufacturers analyze the data in the name of giving the user a better experience with the product.

Let’s also throw in the landline. Your calls can be traced, but at least data about you like your shopping preferences, health, income, marital status, etc., won’t go leaking out anywhere.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Apple’s bizarre Crashing Text and how to fix

Of all the weird things that can happen to your iOS device, the latest is a relatively benign situation in which a string of text is sent to the phone…and it causes the phone to crash.

The phone will reboot if the particular nonsensical text string is received while the phone is locked.

Data won’t be stolen; nobody will gain remote control of your device (yet); but heck, who wouldn’t be very annoyed that their phone crashes? And this is going on all over the world. The text characters can also be sent from any device. Apple says it will get this problem fixed.

But in the meantime, there are things you can do to undo the problem.

Mac Users

  • Reply to the gibberish text in iMessage, and the reply can be any string of text.

If you don’t have a Mac:

  • Send a text message via a third-party application by using its share feature.
  • Ask Siri to issue a reply or “read unread messages.” Then reply to free your Messages.
  • When you’re in Messages, delete the whole chain.
  • If you know who sent the crazy message, ask them to send a follow-up message.

A software update will soon be coming from Apple that will include a fix to this situation.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to Avoid Bad Apps

If you think there’s like a million apps out there, that’s not exactly an exaggeration. For sure, there are more than you can imagine, which makes it easy to conceive that many certainly come with security problems.

In fact, out of the top 25 most popular apps, 18 of them bombed on a security test from McAfee Labs recently.

Creators of apps put convenience and allure ahead of security. This is why so many apps don’t have secure connections—creating welcome mats for hackers; they get into your smartphone and get your passwords, usernames and other sensitive information.

Joe Hacker knows all about this pervasive weakness in the app world. You can count on hackers using tool kits to aid in their quest to hack into your mobile device. The tool kit approach is called a man-in-the-middle attack.

The “man” gets your passwords, credit card number, Facebook login information, etc. Once the hacker gets all this information, he could do just about anything, including obtaining a credit line in your name and maxing it out, or altering your Facebook information.

You probably didn’t know that smartphone hacks are becoming increasingly widespread.

So what can you do?

  • Stay current – Know that mobile malware is growing and is transmitted via malicious apps.
  • Do your homework – Research apps, read reviews, and check app ratings before you download.
  • Check your sources – Only download apps from well-known, reputable app stores.
  • Watch the permissions – Check what info each app is accessing on your mobile devices and make sure you are comfortable with that.
  • Protect your phone – Install comprehensive security on your mobile devices to keep them protected from harmful apps.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

You may already be a user of at least several of the 25 most downloaded apps. And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here are some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking for access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.