When people talk about phone scams, it's often the variety of fraud that can occur through cold calls to a person's home or mobile device. Like when scammers leave vaguely official sounding voicemails claiming to be Internal Revenue Service agents who need all of your personal information (and probably some form of payment) to close a faux tax audit. Or when some joker calls with the breathless information that you've "won" a free vacation. All you have to do is fork over a couple hundred bucks in "prize tax" to claim a trip that doesn't exist.
But as technology advances, scammers are getting more sophisticated. They're increasingly using fraud to take control of people's phones, often without the device ever leaving a victim's pocket.
"It's almost the same as having the device physically stolen," says Eva Velasquez, president of the Identity Theft Resource Center. "They could have access to the data for any accounts that you use your phone to access."
The Big Switch
It's called "porting out": Thieves use a person's information to switch his or her phone number to a new phone with a new service provider. They can then use the phone to intercept messages. That includes two-factor authentication messages, the codes that banks and others often send their customers to confirm their identity before customers can access their accounts online.
"Essentially, they're getting their hands on your ID credentials somehow," Velasquez says. "Then they're contacting your mobile carrier and transferring those credentials to a new device."
The scam isn't new, but fraudsters are having enough success with it to get mobile phone service providers' attention. T-Mobile, AT&T, Sprint and Verizon have all warned customers in recent months of the threat of porting out schemes. The four major U.S. carriers also have created a task force to come up with ways to better authenticate that folks who ask to move their numbers from one service or phone to another are actually the numbers' owners.
Here's one sure sign that you may be the victim of porting out fraud: Your phone goes dark unexpectedly.
There are plenty of reasons why a phone may shut down, from a shoddy battery, extreme heat, water damage or missed payments. But when a fraudster switches your number to another device, that will also do the trick.
The scam normally starts with a thief getting hold of enough of your personal information to pose as you when asking your phone carrier to port out your number. Info like Social Security numbers, mailing addresses, phone numbers and email addresses are often obtained through basic internet and social media searches or through web-based black markets.
If you think you've been victimized by porting out, there are a few things you should do after contacting your phone service provider. Check your bank, credit card and other accounts to make sure you can still log in to them online and that there's been no suspicious activity like unauthorized purchases or information changes. It's also worth considering freezing your credit to stop anyone from opening new accounts in your name. You can also create a fraud alert through credit reporting bureaus as an additional protection. While you're doing that, be sure to snag a free credit report to check for suspicious activity.
Velasquez says there are plenty of things people can do to avoid being ported out in the first place. That starts with changing the way you think about your device.
"We often don't treat a mobile device like the computer that it is," Velasquez says. "You need to think about your device the same way you think about your laptop."
That means getting antivirus and malware protection. It also means using the tools that many cell phone service providers already offer, like port validation protection. Port validation requires device users to create a separate password, which he or she has to enter before the service provider will approve a request to move the number to another phone or account. Some service providers — like Verizon and Sprint — require customers to select a port out validation pin when they sign up for service.
Of course, fraudsters could still find a way to manipulate or get their hands on port validation pins. But the move provides an extra layer of protection that thieves have to get through in order to take your phone.