Posts

Phone Account of FTC Chief Technologist hijacked

An impostor posed as Lorrie Cranor at a mobile phone store (in Ohio, nowhere near Cranor’s home) and obtained her number. She is the Federal Trade Commission’s chief technologist. Her impostor’s con netted two new iPhones (the priciest models—and the charges went to Cranor) with her number.

11DIn a blog post, Cranor writes: “My phones immediately stopped receiving calls.” She was stiffed with “a large bill and the anxiety and fear of financial injury.”

Cranor was a victim of identity theft. She contacted her mobile carrier after her phone ceased working during use. The company rep said her account had been updated to include the new devices, and that her Android’s SIM cards had been disabled. The company replaced the SIM cards and restored use of her phones.

The company’s fraud department removed the charges but blamed the theft on Cranor.

So how does an impostor pull off this stunt so easily? Stores owned by the mobile carrier are required to ask for a photo ID and last four digits of the customer’s SSN. However, at a third party retailer, this requirement may not be in place. In the Cranor case, the crook used a photo ID of herself but with Cranor’s name—and was not required to reveal the victim’s SSN last four digits.

Cranor’s Actions

  • Changed password of online account
  • Added extra security PIN
  • Reported the theft to identitytheft.gov
  • Placed a fraud alert and got a free credit report
  • Filed a police report

Hijacking a smartphone is becoming more common, with the FTC having received over 2,600 reports just for January this year.

You may not think that this type of fraud ranks as high as other types of fraud, but it all depends on the thief and his—or her—intentions. Though the thief may only want to sell the phones for a little profit, a different kind of crook may want to hijack a phone to commit stalking or espionage. Or  the thief can gain access to the victim’s text messages. If the phone is used for two factor authentication, then a thief would have access to your One Time Passwords (OTP) upon logging into a critical website. There’s all sorts of possibilities.  The most important tip: add an extra security PIN to your account. This way, whether over the phone, web or in person, this “second factor” of authentication will make it harder for a thief to become you.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Twitter Crime on the Rise

Twitter is now beginning to see a substantial rise in active users. A recent report found that the percentage of Twitter users who have tweeted ten or more times, have more than ten followers, and follow more than ten people rose from 21% to 29% in the first half of 2010.

Spammers, scammers, and thieves are paying attention.

In the physical world, when communities become larger and more densely populated, crime rises. This also applies to online communities, like Twitter and Facebook.

Twitter’s “direct messages” and “mention” functions are laden with spam, often prompting users to click various links. Why anyone would want me to “Take a Good Look at Hypnotherapy” is beyond me, but someone must be buying because the spam keeps coming.

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter (and Facebook) accounts, including those of President Obama, Britney Spears, Fox News and others have been taken over and used to ridicule, harass, or commit fraud.

Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals Coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter is sometimes plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

DOS Attack: A denial-of-service attack left Twitter dark for more than three hours. The attack seems to have been coordinated by Russian hackers targeting a blogger in the Eastern European country of Georgia.

Botnet Controller: One Twitter account produced links pointed to commands to download code that would make users’ computers part of a botnet.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Twitter Porn: Please, “Misty Buttons,” stop sending me invites to chat or to check out your pictures.

Twitter Spam: The use of shortened URLs has made Twitter’s 140 character limit the perfect launch pad for spam, shilling diet pills, Viagra and whatever else you don’t need.

To prevent social media identity theft, take ownership of your name or personal brand on Twitter. Protecting yourself from other scams requires some savvy and an unwillingness to click mysterious links. In other cases, you’ll need to keep your web browser and operating system updated in order to remain safe. Make sure to keep your antivirus software updated with the latest definitions, as well.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hacking wireless networks on Fox Boston. (Disclosures)