• Member Login
  • List Your Business
Print Posted By Ecommerce Exchange on 09/05/2017 in Security

Cyberthieves Targeting US Mobile Phone Accounts

Cyberthieves Targeting US Mobile Phone Accounts

A relatively new form of cybercrime recently has been plaguing American consumers. Thieves have been hijacking mobile phone account numbers and then transferring services to a different device, The New York Times reported recently.

Further, hackers have begun using mobile numbers to raid digital wallets and similar accounts, according to the paper.

Mobile Consumers at Risk

This type of theft has been successful even against the most sophisticated of consumers. Accounts belonging to the chief technologist of the Federal Trade Commission, Lorrie Cranor, are among those that reportedly have been breached.

A simple identity theft scam targeted two of her phones, Cranor wrote in an online post earlier this year, resulting in her eventually losing control of her devices and her account information, not to mention the intrusion into her personal life and loss of privacy.

Identity thieves simply walked into a store, claimed to be her, and asked for a mobile phone upgrade. They walked out with two new iPhones assigned to her number. The SIM cards on her account were deactivated.

The FTC declined to comment on whether it was pursuing an investigation related to the incident.

Cyberthefts involving a mobile phone account hijacking or opening of a new mobile account in a victim's name have jumped from 1,038 reported to the FTC in January of 2013, or 3.2 of all identity thefts reported to the commission in that month, to 2,638 in January 2016, or 6.3 percent.

Because only about 1 percent of identity thefts are reported to the FTC, regulators have only a small slice of examples to evaluate when trying to get ahead of data scams.

Social Engineering Tactics

The incidents that have been reported showcase a vulnerability in today's security protocols, said Mark Nunnikhoven, senior vice president for cloud research at Trend Micro.

A lot of multifactor identifications systems use text messages as a tool to verify identity, because the goal of many attacks is to take control over the phone number and not the physical handset, he told the E-Commerce Times.

"These attacks use social engineering techniques to abuse a mobile phone provider's business processes," Nunnikhoven said. "The attacker calls up the mobile phone provider and uses just enough information about you, plus a few social engineering techniques, to get the provider to transfer the number to new accounts."

It's a lot easier to have a legit number ported than it is to hack an entire phone network, he noted.


Read advice from security experts at Proofpoint and F-Secure about how cell phone users can safeguard their accounts, in the rest of this article on the E-Commerce Times.



Related Articles

Search Blog Posts

Contact This Member

Join Our Newsletter