When you lose your phone or it gets stolen nowadays, there is a lot more at stake than a few hundred bucks for the device itself. Your mobile account is not only linked with most of your personal info, but also with your mobile payment logins, and your digital identities in general. A new security report points out that it's precisely those mobile accounts now that are the the target of identity thieves, for all sorts of reasons.
Usually the stolen mobile identities are used to go into a carrier store, and just walk out with a set of brand new expensive phones, billed on the unsuspecting victim's account. More ominous scams include the so-called "SIM swaps," where a trickster uses purchased or acquired info to impersonate someone, and get access to account transactions via mobile banking and the like. In fact, the Federal Trade Commission (FTC) noticed a huge spike of complaints on mobile account hijacking in the past few years - back in January 2013 the agency had 1,038 such issues logged, while this January the complaints went up to 2,658.
As per Lorrie Cranor, one of the victims, who had both hers and her husband's phones die on the same day (they thought was an issue with the service provider): "We found out that someone had gone into the phone store in another city with a fake ID and said they wanted to upgrade their phones. They walked out with two brand new iPhones with our phone numbers on them and charged to our account
Needless to say, a lot of calls and days later, the service was restored and amounts refunded, but the carriers are the ones eating the charges, so industry associations and carriers themselves are coming up with methods like two-factor authentication and others, to combat this phenomenon. Here's what the FTC advises you to do, in order to prevent easy mobile account hijacking:
AT&T offers a feature they refer to as “extra security.” Once activated, any interaction with AT&T, whether online, via phone, or in a retail store will require that you provide your passcode. You can use your AT&T online account or the myAT&T app on your mobile phone to turn on extra security (link is external). Note, that when you login online with your passcode, you may be presented with the option to not be asked for it again. Do not accept this option or you will disable extra security.
Sprint asks customers to set a PIN and security questions when they establish service with Sprint, so no additional steps are needed to use this feature.
T-Mobile allows their customers to establish a customer care password on their accounts (link is external). Once established, customers are required to provide this password when contacting T-Mobile by phone. To establish such a password, customers can call T-Mobile customer service or visit a T-Mobile retail store.
Verizon allows their customers to set an account PIN. Customers can do this by editing their profile in their online account, calling customer service, or visiting a Verizon retail store. This PIN provides additional security for telephone transactions and certain other transactions.
Using this extra password or PIN is a good idea and should help reduce your risk of mobile account takeovers. However, it does not offer complete protection, so make sure you remain alert for phishing attacks, protect your financial account information, and examine your mobile phone and credit card bills carefully every month for signs of fraud. If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.