
Welcome To The Insighter!

Explore the latest happenings at Kirtland FCU and learn about important topics from around the financial world. Here’s your insight!

How Thieves Are Stealing Phones—Without Touching Them!

07/26/2019
Ashleigh Munson, K-Staff

How much of your life is on your phone? If you’re like many Americans nowadays, the answer is, “Most of it!”

It’s more than texts and games; our phones give us access to our financial accounts, social media pages, personal and work e-mails, photos, music, credit and debit card information, and more. And it’s all locked away by nothing more than a few digits you type to unlock your phone.

Thanks to the ease of password storage and “Remember Me” boxes, access to the most important aspects of our lives is easy and convenient. But what if your phone was no longer in your control? What if, one day, your service dropped without explanation and your social media, e-mail and even financial accounts were suddenly out of your hands? This isn’t a doomsday scenario—it’s called the SIM-Swap Attack, and it’s ruining lives.

HOW IT WORKS

The SIM-Swap Attack is named for the small chip inside your phone that is tied to your phone number—your SIM card. SIM cards make it easy to transport phone numbers (as you would do when you upgrade your device). But this transportability is being exploited.

This cell phone hack delivers gold for a thief who is able to pull it off. He approaches your carrier (T-Mobile, Sprint, etc.) with a few pieces of your personal information and convinces an employee to transfer your phone number to his own device (a port). Once the transfer happens, he uses his newly activated device to break into your connected accounts—social media, e-mail, banking, and more. He changes the logins for the accounts to lock you out and then goes through his newly won treasure trove in search of things of value (like your PayPal or financial accounts).

The features you use to make logging into these connected accounts a breeze form a paper-thin barrier between a thief and your information. And regaining access to your e-mail and social media accounts may prove impossible. At the very least, the paperwork and hoops may seem unending.
 
WHAT CAN YOU DO TO LIMIT YOUR RISK?

Practice fraud prevention
Keeping your personal information secure is essential. Without those pieces of personal information—such as your birth date, social security number, and address—a thief has little ability to initiate a port of your phone number. 

PIN it
Every cell carrier offers the option to put a PIN on your account: a secret passphrase the carrier will ask for anytime someone requests changes to your account or tries to activate a new phone. Ask your carrier how to set a PIN on your account – and be sure not to use the same PIN that unlocks your phone.

Don’t save passwords
It’s tempting to have your phone save your login information so you don’t have to enter it each time you open an app. But doing so removes the strongest lock you have against an intruder. And once inside an app, a thief can change your passwords and then the one who is locked out is YOU. Using a quality PAID password manager makes this simple. Why is paid important? Because if you’re not paying for a service, it’s because YOUR INFORMATION is their product. KeePass or Dashlane are reputable options that can really simplify managing passwords.

Don’t rely on normal two-factor authentication
Most two-factor authentication is performed via SMS (texting). But this isn’t a barrier for a thief who already has full control of your phone number. DO use two-factor authentication (it does help!), but make sure that the authentications come to an e-mail account or phone number that is not associated with your phone. Or, use an authentication app instead. Google Authenticator (available in your app store) and Authy offer an extra layer of security by tying the two-factor authentication to your physical device rather than to your phone number. There are also physical authentication methods like YubiKey—literally a key that you plug into the USB port or touch to your phone to verify your identity.

Monitor your accounts frequently
If you notice unusual activity on your phone or your accounts, follow up. Catching the theft early may not prevent damage, but the longer a thief is in control, the more damage he can do.

Remember that convenient for you equals convenient for the people who want your assets, too. Don’t be an easy target!