• Wealth Management

Phone Fraud: How To Protect Yourself

Learn how to help prevent fraudsters from taking control of your phone to perpetrate identity theft, fraud and other scams.

Do you pay as much attention to protecting the security of your phone as your computer? You should, because your phone is a gateway to your financial, social media, email and other personal accounts. Fraudsters are continually devising new schemes to take control of your phone to perpetrate identity theft, fraud and other scams—and if they succeed, the damage can be significant.

Why Phones?

Picture this: One day your cell phone just stops working. You can’t initiate or receive any calls or text messages. To understand how scary that is, think about the times you’ve needed to reset a password and were asked to provide a one-time passcode sent to you via text. Now imagine that you’re not on the receiving end of those texts, but a fraudster who has taken over control of your phone is—and is resetting the passwords for all of your sensitive logins.

Phone Porting Scams

So how does a fraudster get control of your phone number in the first place? This kind of identity theft scam is often called a “phone porting” or “SIM swapping” attack. Here’s what typically happens: The scammer gathers all the personally identifiable information about you that’s available—things like your name, address, date of birth and SSN—then calls your mobile carrier, pretends to be you and convinces the service representative to transfer your number to a new service or device.

How Can You Protect Yourself?

Because this type of scam is increasingly common, many carriers now allow you to add extra security to your account. This way, if and when you have a legitimate need to transfer your number, you’ll be asked to provide a special personal identification, or PIN, code or answer an identity verification question. An ounce of prevention really is worth a pound of cure. Call your carrier today to understand what proactive security measures you can put in place.

For your sensitive account logins, you should also consider multifactor-authentication offerings that aren’t tied to your phone number. At Morgan Stanley, these include device registration, push notifications, biometrics (face/touch ID) and security keys.

If you do suspect you’re the victim of a phone porting attack, contact your mobile carrier and financial institutions immediately to let them know. Reacting quickly is a key way to limit the damage.

What about those Annoying Robocalls?

We’ve all been there—you’re sitting at home, trying to enjoy a nice dinner and your phone won’t stop buzzing with calls from unknown numbers.

While reputable entities, including banks and political parties, use robocalls, a large number of these calls originate from illegitimate telemarketers offering things you’ll never need. These include scammers pushing travel prizes or fake computer security services looking to steal personal information. Many illegitimate robocallers spoof their numbers so it looks like it’s coming from your area code or is a valid business or a government agency like the IRS.

These calls aren’t just annoying, they may also collect your voice print, which can then be used to commit fraud against you through voice-authenticated telephone systems.

Here are some best practices you can use to reduce robocalls and protect yourself from fraudsters:

  • Use caution when receiving calls from blocked or unknown numbers or from numbers you don't recognize.
  • Block calls from unknown or suspicious callers. You may also report calls if your carrier allows that.
  • Enable “Do Not Disturb” on your mobile device if available. This will restrict calls to numbers in your contacts.
  • Add your home phone and mobile numbers to the National Do Not Call Registry (although, note that illegitimate robocallers don’t respect the registry).
  • If someone calls you and claims to be with XYZ company, hang up and call the company directly. Use the company's website to find an official number.
  • If you do answer a call and hear a recording such as “Hello, can you hear me?” just hang up. Answering with “Yes” may allow for your voice print to be collected and used for unauthorized voice acknowledgements without you ever knowing.
  • Calls that request you to press a number to be connected to a representative should also be hung up. This may be a tactic to confirm your number is active and may lead to more unwanted calls.
  • More telco carriers have call authentication services that help identify known or suspected spam callers. You should check with your provider to find out what they offer.
  • There are various app-based solutions that can help to limit robocalls on mobile devices.

Your phone is the focal point for much of your life, so don’t compromise when it comes to security.

 

Online Security Center

Reporting an Online Security Concern

If you suspect you may be the victim of fraud or identity theft, or if you notice suspicious account activity or receive a questionable email or text that appears to be from Morgan Stanley, please contact us immediately at


888-454-3965
(24 hours a day, 7 days a week)