Thursday, July 14, 2016
An impostor posed as Lorrie Cranor at a mobile phone store (in Ohio, nowhere near Cranor’s home) and obtained her number. She is the Federal Trade Commission’s chief technologist. Her impostor’s con netted two new iPhones (the priciest models—and the charges went to Cranor) with her number.
In a blog post, Cranor writes: “My phones immediately stopped receiving calls.” She was stiffed with “a large bill and the anxiety and fear of financial injury.”
Cranor was a victim of identity theft. She contacted her mobile carrier after her phone ceased working during use. The company rep said her account had been updated to include the new devices, and that her Android’s SIM cards had been disabled. The company replaced the SIM cards and restored use of her phones.
The company’s fraud department removed the charges but blamed the theft on Cranor.
So how does an impostor pull off this stunt so easily? Stores owned by the mobile carrier are required to ask for a photo ID and last four digits of the customer’s SSN. However, at a third party retailer, this requirement may not be in place. In the Cranor case, the crook used a photo ID of herself but with Cranor’s name—and was not required to reveal the victim’s SSN last four digits.
Cranor’s Actions
- Changed password of online account
- Added extra security PIN
- Reported the theft to identitytheft.gov
- Placed a fraud alert and got a free credit report
- Filed a police report
Hijacking a smartphone is becoming more common, with the FTC having received over 2,600 reports just for January this year.
You may not think that this type of fraud ranks as high as other types of fraud, but it all depends on the thief and his—or her—intentions. Though the thief may only want to sell the phones for a little profit, a different kind of crook may want to hijack a phone to commit stalking or espionage. Or the thief can gain access to the victim’s text messages. If the phone is used for two factor authentication, then a thief would have access to your One Time Passwords (OTP) upon logging into a critical website. There’s all sorts of possibilities. The most important tip: add an extra security PIN to your account. This way, whether over the phone, web or in person, this “second factor” of authentication will make it harder for a thief to become you.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.
About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
Similar Posts
- Can Two-Factor Authentication actually fail?
You’ve probably read many times that two-factor authentication is a superb extra layer of protection against a thief hacking into your accounts, because gaining access requires entering a One Time Passcode (OTP)—sent via text or voice—into a login field. In other words, no phone, no access. But CAN a hacker get the phone? Ask Deray McKesson, - Go Two-Factor or go Home
Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you. Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as - Identity Fraud Victim every two Seconds
Yes, identity fraud is SO common that someone becomes a victim every two seconds. The 2014 Identity Fraud Study, as reported on javelinstrategy.com, turned up some alarming results. Though the dollar amount stolen had decreased over the year preceding the study, the number of victims had increased. People at highest risk were ages 35 to 44. Account - Username and Passwords Are Facilitating Fraud
In 2005, the Federal Financial Institutions Examination Council stated: “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments - How to use two-factor authentication for critical accounts
Have a small business? Great. Have two-factor authentication for your accounts? If you’re not sure of the answer to that question, you could be in trouble. October is National Cyber Security Awareness Month, the perfect time to learn more about cyber security. As a small business owner, you certainly have thought about data breaches. They