FBI Warns: Cyber Attackers Take Over Mobile Phone Accounts

Most consumers know that cyber attackers want their bank account credentials. However, they may not realize that online criminals also want to hack their mobile phone accounts. Although credit card accounts are the most common accounts overtaken by cyber thieves, 29 percent of accounts hijacked in 2013 were mobile and utility accounts, an increase from 9 percent in 2012. A recent FBI press release reports that mobile phone account takeovers happen all of the time.

Phishing, Smishing and Vishing

By now, most consumers have received phishing emails, or they have heard that they shouldn’t click on links in email messages. Consumers also know about using password manager applications to store and encrypt passwords; they’re the best way to generate tough-to-crack passwords without having to memorize them. However, a lot of consumers don’t expect cyber attackers to come after them through their mobile phones. Today’s criminals are still sending phishing emails, but they’re opting more often for “smishing” and “vishing” attacks.

Smishing, derived from the official term for text messages (SMS), happens when a cyber criminal sends a malicious link via text message. The FBI reports that criminals are sending text messages claiming to be from the recipient’s mobile carrier. Recipients are invited to click a link to receive a credit, a prize or a discount that ranges between $100 and $2,500. The link contains components like MyBonus, Reward, Promo, ILove or ILike. For example, a criminal could send a URL that looks like “my[insert phone company name]bonus.com”

Vishing occurs when criminals call someone or leaves a voicemail in which they claim to be from a bank, credit card company or other important-sounding organization. In the mobile phone scam, someone could call a customer and leave a voicemail claiming to be a phone company representative. The person could tell the customer to call a specific number to discuss a credit or promotion. Instead of calling the phone company, the customer would be calling the criminal directly.

How Thieves Get Into Mobile Phone Accounts

Once a customer clicks a link in a smishing text or starts talking to someone that is part of a vishing scam, the customer is asked to provide login credentials and also the last four digits of a Social Security number. Once cyber criminals have the account information, they often order mobile phones or new account services and charge them to the customer’s account. Then, they often resell the phones or resell the services they added to the customer’s account.

Consumers usually aren’t surprised to receive a text message or phone call from their phone companies, and they’re used to being asked to provide the last four digits of their Social Security numbers as an authentication tool. The worst problems happen when consumers use the same usernames and passwords for not only their mobile phone accounts but also their bank and credit card accounts. In addition to ordering a new iPhone 5S or Samsung Galaxy 5 from the customer’s mobile phone company, they can also use unsuspecting customers’ financial information to make other unauthorized purchases.

How Consumers Can Protect Themselves

To avoid getting caught up in a mobile phone scam, consumers need to take a few smart precautions:

Never answer directly. Avoid tapping links in text messages and calling back unfamiliar numbers left in unsolicited messages. Instead, contact the phone number on the phone company’s website or use the number provided on the account statement.

Avoid trading account information for compensation. Any unsolicited email, phone call or text message that offers financial compensation in exchange for account information is probably a scam.

Be suspicious. Credits from phone companies or cash prizes sound great, and people like to fantasize that they’ll win money. However, if any text message, voicemail or email sounds too good to be true, then it probably is.

Avoid the Hassle

Get into the practice of never sharing password information over the phone, over text message or over email. Also, consumers should never share passwords unless they made the initial contact with the company. It’s time for phone companies to use phone line authentication or biometric authentication instead of asking for customers’ Social Security numbers. Consumers also need to get wise about the dangers of phishing, vishing and smishing.


Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
In 2003, more than 10 million Americans fell victim to identity theft.

Identity theft costs business and individuals $53 billion dollars annually

In 2003, Americans spent 300 million hours resolving issues related to identity theft.

70% of all identity theft cases are perpetrated by a co-worker or employee of an affiliated business.