A week ago in my Scam of the day for February 8th, I wrote about why it was unwise for people to post photos of their vaccination cards on social media because it would let the world know their birhdate. Your birthdate is a signficiant piece of information that, in the wrong hands can lead to identity theft. Identity thieves use legal and illegal online sources to gather their victims’ personal information, such as their Social Security number, address, and date of birth and use that information for purposes of identity theft which is a significant threat to everyone. One important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what we do. When a criminal knows your cell phone number, he or she can leverage that number through commonly available legal databases such as White Pages Premium and learn information such as your current address, past addresses, the names of your family members and more. The criminal can also use the number to gain access to your social media accounts and can most significantly use the information gained to answer security questions that would allow the criminal to do a SIM swap whereby your cell phone number would be transferred to a phone of the criminal and thereby defeat dual factor authentication where you get a text message or a code sent to your phone when you go to access your bank account online or any other account that requires significant security.
So what can you do to protect yourself?
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice https://voice.google.com/about or Burner https://www.burnerapp.com/ that will enable you to create different numbers to use for calls and text messages. As for dual factor authentication, while sending a code or text message to your cell phone is a simple and effective method of dual factor authentication, you may wish to consider other forms of dual factor authentiction such as apps that will generate temporary security codes such as Authy https://authy.com/ or Google Authenticator https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card. Here is a link with instructions as to how to set up the passcode. https://www.att.com/esupport/article.html#!/wireless/KM1051397?gsi=9bi24i
Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center. Here is a link with information and instructions for setting up a PIN with Verizon. https://www.verizonwireless.com/support/account-pin-faqs/
T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This new passcode is used when changes to your account are attempted to be made such as swapping a SIM card. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store. Here is a link to information and instructions for adding a new passcode to your account. https://www.t-mobile.com/customers/secure
Sprint customers can establish a PIN that must be provided when doing a SIM swap, in addition to merely answering a security question, the answer to which may be able to be learned by a clever identity thief. Here is a link to information about adding a PIN to your Sprint account. https://www.sprint.com/en/support/solutions/account-and-billing/update-your-pin-and-security-questions-on-sprint-com.html
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/