Mobile Phone Account Hijacking
By hijacking mobile phone accounts, identity thieves have found a new and easy way to make money. This new technique is a form of money laundering, because the thieves take over the mobile account so that they can order equipment like news phones to your account, then turn around and sell them.
According to the Wireless Association, CITA, while carriers are training customer service representatives on how to spot the fraud, they also have procedures that are meant to thwart it. Carriers use identifying credentials like passwords when subscribers activate a new device, make account changes, or to authenticate other transactions.
All four major carriers have seen an increase in this type of identity theft over the past several years. According to the FTC’s complaint database, there were 1,038 instances of mobile account hijacking in January of 2013, while this past January the number had more than doubled to 2,658.
Since wireless companies typically take the loss for stolen equipment, the real problem with this form of identity theft comes not when a thief orders new phones then sells them, but when they order new phones and keep them. With the security of two-factor authentication being more common for online accounts, financial ones in particular, hijacking mobile phone accounts is all the more troubling. Two-factor authentication only works because of the assumption that you are in possession or control over your phone.
Criminals are finding it more difficult to counterfeit credit cards thanks to chip enabled cards and are having to find other ways to use that information to make money. Taking over someone’s phone not only gives thieves access to bank accounts, it also allows them to download mobile payment apps. By using the stolen credit card and having taken over the victim’s mobile device when an authentication code is sent, the criminal is the one that receives it.
Wireless companies are eager to find a solution to this problem as they are the ones who are typically on the hook for stolen equipment, but there is an easy way to make it more difficult for someone to take over your account. All four major carriers have the option to add either a PIN or password that is required before any change can be made to your mobile account. This simple step could keep your account from being hijacked and save you a lot of time and frustration.