Prevent scammers from taking control of your phone to perpetrate identity theft and fraud
Do you pay as much attention to protecting the security of your phone as your computer?
You should because your phone is a gateway to your financial, social media, email and other personal accounts. Fraudsters are continually devising new schemes to take control of your phone to perpetrate identity theft and fraud—and if they succeed, the damage can be significant.
Picture this: One day your cell phone just stops working. You can’t initiate or receive any calls or text messages. To understand how scary that is, think about the times you’ve needed to reset a password and were asked to provide a one-time passcode sent to you via text. Now imagine that you’re not on the receiving end of those texts, but a fraudster who has taken over control of your phone is—and is resetting the passwords for all of your sensitive logins.
So how does a fraudster get control of your phone number in the first place? This kind of identity theft scam is often called a “phone porting” or “SIM swapping” attack.
Here’s what typically happens: The scammer gathers all the personally identifiable information about you that’s available—things like your name, address, date of birth and Social Security number—then calls your mobile carrier, pretends to be you and convinces the service representative to transfer your number to a new service or device.
Because phone scams are increasingly common, many carriers now allow you to add extra security to your account. This way, if and when you have a legitimate need to transfer your number, you’ll be asked to provide a special personal identification number (PIN) code or answer an identity verification question. An ounce of prevention really is worth a pound of cure. Call your carrier today to understand what proactive security measures you can put in place.
For your sensitive account logins, you should also consider multi-factor authentication offerings that aren’t tied to your phone number. At Morgan Stanley, these include device registration, push notifications, biometrics (face/touch ID) and security keys.
If you suspect you’re the victim of a phone porting attack, contact your mobile carrier and financial institutions immediately to let them know. Reacting quickly is a key way to limit the damage.
We’ve all been there—you’re sitting at home, trying to enjoy a nice dinner and your phone won’t stop buzzing with calls from unknown numbers.
While reputable entities, including banks and political parties, use robocalls, a large number of these calls originate from illegitimate telemarketers offering things you’ll never need. These include scammers pushing travel prizes or fake computer security services looking to steal personal information. Many illegitimate robocallers spoof their numbers so it looks like it’s coming from your area code or is a valid business or a government agency like the IRS.
These calls aren’t just annoying. They may also collect your voice print, which can then be used to commit identity theft or other types of fraud against you through voice-authenticated telephone systems.
While it’s difficult to completely eliminate robocalls, you can follow these best practices to reduce the amount of robocalls you receive and better protect yourself from fraudsters:
- Use caution when receiving calls from blocked or unknown numbers or from numbers you don't recognize. It’s perfectly ok to just let these callers go to voicemail and then check to see if the message is legitimate.
- Enable “Do Not Disturb” on your mobile device, if available. This will restrict calls to numbers in your contacts.
- Add your home phone and mobile numbers to the National Do Not Call Registry (even though illegitimate robocallers don’t respect the registry). Visit DoNotCall.gov to register your numbers.
- Call companies directly (using an official number from the company’s website) instead of trusting that a caller is a representative of that business.
- Hang up immediately if you hear a voice asking a question such as “Hello, can you hear me?” Answering affirmatively with “yes” may allow your voice print to be collected and used for unauthorized voice acknowledgements later without you realizing it.
- Avoid pressing a number to be connected to a representative when an inbound call requests this action. It may be a way to confirm your number is active and lead to even more unwanted calls.
- Use call authentication services offered by telco providers that help identify known or suspected spam callers.
- Take advantage of app-based solutions from phone carriers that limit robocalls on mobile devices, but be leery of using third-party spam blockers found at app stores because they may share data about you with other companies.
- Activate Anonymous Call rejection (for landlines only) by pressing *77 which automatically stops calls from numbers hidden from your caller ID.
Just like with robocalls, robotext fraudsters use a variety of messages to lure you into responding to them.
Some common scams revolve around topics such as guaranteeing prizes, offering low-interest credit cards, paying off student loans, extending car warranties, pretending there’s suspicious activity on your accounts and providing fake package tracking numbers.
How can you fight back against these fraudsters? Try these suggestions:
- Don’t engage in any manner with unwanted texts from questionable sources, including clicking on links. If you’re in doubt about the authenticity of the text, you can always contact the company in question by calling their official phone number listed on their website.
- Use your mobile phone’s filtering options to block text messages from unknown numbers. (Your wireless provider may also offer this service.) For Android users, tap on the three-dot icon, select “Settings” and then click on the option to enable spam protection. For iPhone users, go to “Settings,” select “Messages,” scroll to “Filter Unknown Senders” and choose that option.
- Activate call-blocking apps from your phone carrier because they often block unwanted text messages, too.
- Report robotexts to your mobile carrier by copying the original message and texting it to 7726 (SPAM).
- File a complaint with the Federal Trade Commission or the Federal Communications Commission.
No matter if you’re dealing with calls or texts, keep in mind that your phone is the focal point for much of your life. So, don’t compromise when it comes to its security.