March 15, 2018
Protecting Your Account Against Mobile Authentication Fraud .
You may have read about recent scams and hacking incidents where fraudsters use stolen information to take control of your prepaid wireless account or phone number and redirect text messages and calls intended for you to a device that they control through SIM swap fraud. This can provide them access to your other accounts—such as your email, your online banking, or your cryptocurrency accounts, including Bitcoin, or social media —because calls and text messages made to your number to verify your identity will instead go to the fraudster, and he or she can pretend to be you and “verify” any transactions.
Wireless providers constantly review and update their cybersecurity practices to protect you against SIM swap attacks. As an industry we are committed to battling fraudsters at every turn. CTIA’s Working Groups include technical experts who focus on advancing measures to prevent and minimize the risks of SIM swap frauds and other forms of mobile authentication fraud. You are a critical part of the overall solution. While the tools available will depend on your service provider, here are some things you can do to protect your prepaid wireless account from this kind of fraud:
- Establish a PIN on your account that is required for account access, and use a unique number that cannot be easily determined (e.g., do not use the last four digits of your SSN, your DOB, your anniversary, etc.)
- Download your prepaid carrier’s mobile app to stay up to date on any security updates and alerts
- If you stop receiving calls or texts, and you don’t know why, contact your wireless provider immediately. Even if you don’t use your mobile device often, you should check regularly for provider and account alerts.
- Never disclose your banking or other online passwords or personal identification numbers to anyone. Even your bank will never ask for this.
- Be alert for pretexting or “phishing” attempts. If you receive a call, email or text message asking you for your social security number or a portion of your social security number, your bank account number, your driver’s license number, or other identifiers or financial details, do not provide them even if the call, email or text appears to be from a trusted entity. Instead, contact the provider directly.
- Keep personal details – such as your phone number, date of birth, or your first car or maiden name – off social media so that scammers can’t impersonate you easily.
- Ask your bank or financial institution to give you notice of every financial transaction through two different channels – via text message, for instance, as well as email.
- Use a separate email address for your online banking account and financial transactions from your social media accounts.
- Follow FTC guidance on preventing identity theft.
- See CTIA’s Protecting Your Data on Your Mobile Device
- Follow your carrier’s security advisories and leverage their available tools such as credential “vaults” that manage PINs/passwords to facilitate account access.
- Share these tips with friends, family and colleagues.
If you think your prepaid wireless account has been compromised, call your provider immediately. We also recommend that you check your accounts, including your financial information, for signs of fraud. If you see any, contact your financial institution or the manager of your account immediately