Resetting an account’s password is like having your hardware store creating a new key for your home. Many use their phone numbers to get temporary codes to conveniently change their passwords.
But this method is also handy for thieves looking for ways to access your most important accounts online. In some cases, knowing your name, phone number, and your phone’s carrier is enough to cause real harm.
NBC 5’s responses found that new federal regulations might protect you better from such systems in the future, but for now it is wise to implement stronger protection yourself.
First, ask yourself: How many accounts have you linked to your phone number for security reasons? And if someone steals your number, could they get access to what’s most important?
This happened to a man in Joliet who tells NBC 5 Responds that his worst fears came true when, out of the blue, his phone stopped working.
“I went to make a call and it didn’t work,” said Phil Michno. “I log into my email and couldn’t because it said ‘Password changed’.”
To find out what went wrong, Michno said his first call was to his phone provider: Boost Mobile. But the call left him with more questions than answers.
“I called Boost Mobile and said, ‘Hey, what’s wrong with my phone? It’s not working.’ And they said, ‘Oh, we see that you’ve switched to another company,’ “Michno explained. “I said, ‘I never moved to another company!'”
Michno said the Boost Mobile representative informed him that they had – allegedly from him – received a request to transfer his number to another mobile operator.
But Michno wasn’t the person who made this request.
What happened to Michno is called “SIM swapping”.
The way the SIM swap works is a scam impersonating you and convincing your current phone provider to switch your number to another company through your Subscriber Identity Module or SIM card.
That SIM is then virtually connected to the thieves’ device and now they have access to everything on your phone, including the password recovery texts. When they arrive, a con man is sitting right there and receiving them.
SIM swapping is a scheme that the Federal Communications Commission reports kills hundreds of people every year.
In Michno’s case, the thieves went to BitCoin for $ 135,000 on his CoinBase account, savings he believed should be the foundation of his daughter’s college fund.
Michno said that when he contacted CoinBase to warn them it was hacked, they told him it was too late. “They wrote, ‘Oh, we discovered that you were the victim of a SIM swap.’ And all of your bitcoins have been stolen, “said Michno.
In a statement, CoinBase told NBC 5 Responds that it was forbidden to share details about Phil’s loss.
In most cases, the company says it “does not cover losses … from compromising a customer’s credentials”.
Michno said his case is now in the hands of the FBI and the FBI has told him that many people are falling victim to SIM swap programs. And the longer you have your phone number, the more information a hacker can find that is likely out there and connected to your number.
The FCC said that with the number of customer data breaches in recent years, more customer information, such as a person’s phone number and carrier, is available in illegal markets on the dark web.
For this reason, Michno believes that telephone providers have a responsibility to protect their customers’ information and phone numbers from unauthorized transmission.
“Boost Mobile passed my number on. They were my mobile operator, they didn’t protect my data,” said Michno. “These cellular operators have to be responsible for people’s information.”
For its part, Boost Mobile said it was “obliged to investigate”. [Phil Michno’s] Solve problem and find out how the scam came about. “
A company spokesman also said it recently “implemented several procedures to prevent fraudsters from tampering with the system.”
Such customer protection measures could soon be required nationwide in the USA.
The FCC has proposed rules that would require phone carriers to do a lot more to authenticate if a customer is really the person requesting a phone number change to a new device.
How to protect yourself from SIM swapping
While new federal regulations might mandate stronger protection for airlines, there are a few ways you can protect yourself.
First, contact your wireless service provider to see if they offer protection against unauthorized transmissions.
These services are called “Number Blocking” or “Number Blocking” and are sometimes as simple as checking a box on your profile. If this service is not available, the FCC suggests asking your wireless service provider if you can set up a number or password required to transfer your number to a new device.
Another way to protect yourself is to use two-factor authentication for passwords. To learn more, click here.
For more tips on preventing SIM swap, see the video below.
Did you receive a notification that your SIM card was activated on a new device? Your phone may have been hijacked by a scammer, and here’s what you can do to prevent it from happening.