Sorry to be a carrier of bad newspapers, but there is another security threat to worry about: your phone number. If a hacker gets hold of it, you can face some serious personal information.
We can recommend ways to help you identify fraud that lures you to give up your details and tips to keep your phone number safe.
Let's start with a real example. Last year, some T-Mobile customers – including a CNET employee – received a strange text message:
Alarming, no? Was the text from T-Mobile correct or was it a form of phishing – an attempt to get you to visit a malicious site?
turns out to be the former, but you should always think twice before you tap or click on any link that seems too worried – and you should never enter personal information unless you have gone directly to company website or app.
In this case, T-Mobile warned customers about a very real problem: "port-out scam", a hacker's attempt to capture your phone number, transfer it to another operator, and then use it to access your bank account.
For example, if a thief can end up with your number without your knowledge, they can use that number to bypass two-factor authentication with your bank or other financial service – since the SMS confirmation now comes to his phone that has your number.
Although these scams are "necessarily limited to T-Mobile (" they affect the entire wireless industry ", according to a T-Mo FAQ page on the subject) exposed the wearer's security breach in 2017 millions of personal data of customers – hence recent in fraudulent activity.
How to protect yourself If you are a T-Mobile customer, you are strongly encouraged to enable port validation, requiring you to create a 6- to 15 -number password.Then, T-Mo will not honor any port-out request unless this loose number is provided.To enable the feature, you can call 611 from your phone or call 800-937-8997.
It is worth noting that the new password does not replace your existing T-Mobile PIN or password. It is a second security store. The company also recommends "checking with your bank to see if there is an alternative to using text-for-PIN authentication, such as email."
CNET also recommends. A better alternative is an authentication app.
Use a password manager to create strong passwords and keep track of the various PINs and passwords used for your bank, mobile operator, and other critical services.
Another tip: Give friends, family members and banks your regular number, but for everything else, use a second "one-time" number that you can download from Google Voice and Textfree. Although the second number can still be stolen by hackers, it will not be tied to any mission critical.
Did you get any other recommendations to avoid port-out fraud? Share them in the comments!
Originally published February 17, 2018.
Update, April 29, 2019: Various minor updates.