Think two-factor authentication for your financial accounts and a passcode on your phone protects you from hackers?
RELATED: 5 great smartphone deals under $200
SIM hijacking could allow criminals to access your money
In a new scam that’s generically being called “mobile hacking” and more accurately termed “SIM hijacking,” BuzzFeed reports criminals are now able to breach your financial accounts with as little as the last four digits of your Social Security number.
Here’s how this one plays out: A crook who has the last four of your Social can call your wireless carrier and impersonate you. They can convince the customer rep to issue a new SIM card for your phone number, which they can then activate to take control of your number.
Once your new phone number is in their control, they can gain access to your accounts — bank and investment accounts, as well as social media and email accounts — and siphon money out without your knowledge.
Mind you, this isn’t just paranoid speculation about the latest iteration of hack attacks coming down the line.
No, this is happening right now in real time! That’s according to this report from Motherboard that includes nine personal tales from people who have been affected by SIM hijacking.
Stolen social media and gaming handles are a hot commodity
The thing about SIM hijacking is that criminals are always refining the scam. In a separate Motherboard report, the online magazine notes hackers targeted one woman with the Instagram handle of @Rainbow. Her account was specifically targeted for takeover because of the catchy nature of her Instagram name.
All the criminals needed to do was find an insider at the woman’s cell phone company who would assist them in SIM hijacking her phone.
Memorable usernames will sell for between $500 and $5,000 on the black market. In another example cited by Motherboard, the Instagram account @t reportedly sold for some $40,000 in Bitcoin.
Unfortunately, it’s not just Instagram accounts with snazzy handles that are being targeted. Those same criminals who targeted @Rainbow also commandeered the woman’s Amazon, eBay, Paypal, Netflix and Hulu accounts.
While this is by no means a way to protect yourself, you might want to consider choosing nondescript social media and gaming handles when you’re setting up a new account. Boring and bland handles likely won’t have a lot of resale value and therefore won’t attract the attention of criminals.
To really protect yourself, though, you can’t assume you’re protected with just a passcode on your phone and standard two-factor authentication on all your accounts. The best way to fight back is to add a PIN to your smartphone account, which creates a necessary third layer of protection.
The procedure to do this varies by wireless carrier:
You’ll have to log into your AT&T account to add a PIN. Once you’re in your account, go to “View Profile” and then navigate to “Sign-in Info.”
Then look for “Wireless Passcode.” Finally, select “Manage Extra Security” to create your new passcode.
Sprint requires its customers to have a PIN. It’s a good idea to periodically update yours by logging into your account.
Once you’re in, select “My Sprint” and then “Profile,” followed by “Security.” Scroll down to “Security Information” to update your PIN. Be sure to hit “Save” before exiting.
Dial either 611 or 1-800-937-8997 on your phone to add a PIN to your phone’s account. Unlike the other carriers which only allow four digit PINs, T-Mobile allows you to create a six-digit passcode.
Go to VZW.com/PIN to set your PIN. As an alternative, you can stop by any Verizon store with your government-issued ID or call 1-800-922-0204.