Imagine having trouble with your smartphone. You contact your carrier for help, but they say you’re no longer a customer, and that you recently transferred your phone account to another carrier! Welcome to the central act in a growing cybersecurity threat-mobile account takeover. Consider the story of Tiffany and Kevin Bennett, who suffered this new form of identity theft.
One day, Tiffany received an email from her mobile phone company saying the password on the mobile account had been changed. She shares the account with her husband, Kevin, and figured that he must have changed the password, so she ignored the email alert.
A few hours later, however, Tiffany could no longer send or receive any messages. When Kevin tried to call her phone number it rang-but not on Tiffany’s phone. What happened? Someone hacked into the Bennett’s mobile phone account and forwarded Tiffany’s number to a new phone. All of her calls and texts were being forwarded to this number, too. The hacker was then able to enroll one of the Bennett’s credit cards, bought on the black market, in Apple Pay. When the credit card company texted the verification code to Tiffany’s number, the hacker received it instead. With access to their credit card, the impostor was able to spend hundreds of the Bennett’s dollars.
Eventually, the Bennetts got back their money and control of Tiffany’s phone number, but the entire process was stressful and time-consuming. How did this happen? The Bennetts were missing a crucial security feature on their mobile phone account-a PIN.
1. Set a PIN on your phone carrier mobile account
The most important thing you can do to stop mobile account takeover is to protect your account with a PIN. Here, we are not talking about setting a PIN or passcode on your physical device, but rather on your account with your mobile carrier.
When you add a PIN to your account, no changes can be made without that PIN. It’s essentially like freezing your credit-until the freeze is lifted, no changes or new devices can be added. This blocks hackers from accessing information in your account, adding a new device to your plan, or forwarding your number to a new number (like what happened to the Bennetts)-all parts of complex, growing frauds. Anytime you log into your account online, call your carrier, or visit a physical store, you will be prompted to enter your PIN. You can set this feature up online or over the phone. It only takes a few minutes, but adds strong security. Remember, don’t use a PIN that is easy to guess like your birth date or the last four digits of your phone number.
2. Protect your smartphone or tablet with a passcode
Recently, Symantec performed a study and dropped 50 unprotected smartphones in public spaces to see what would happen. The results were eye-opening.
They discovered that 89% of people who found one of these phones opened personal apps such as online banking. Sixty percent opened social media and email apps and 57% tried to open a passwords file. And while 50% of the finders tried to contact the owner of the phone, half of them also took a dive into the owner’s personal life. Adding a passcode to your device may seem like a simple approach yet one-quarter of smartphone owners do not lock their device.
If you use an iPhone, you have a few passcode options: a four-digit code, a six-digit code, or a custom alphanumeric code. The six-digit or custom alphanumeric codes are the most secure choices. You can enable or change your passcode through Settings, where you select Touch ID & Passcode.
Android users also have multiple options. You can choose from a lock pattern, a four to seventeen digit code, or a password. And while some people like the lock screen option, many security experts warn that it is not the most secure option-someone could guess the pattern by the fingerprints on your screen. Instead, choose the password or a long code. Again, this can be done through the Settings feature.
3. Activate ‘find my phone’ feature
If your phone is lost or stolen, you’ll be glad you put a passcode on it. But you’ll also want a way to try to get your phone back. Both Apple and Android phones have built-in features that allow you to track your phone, remotely turn off and lock your device, and even delete the data stored on your device.
For Apple users, this is called Find my iPhone and it is pre-installed on any iPhone running iOS 7 or higher. You can enable it by going to Settings, iCloud, and enable Find my iPhone.
Android users can activate Find My Device on their phone or tablet. To turn this feature on, go to Settings, Google Settings, and then Security.
(Note that for both types of devices, you’ll need to activate location services for the feature to work.)
4. Update software and apps
Often, people are reluctant to update their phone software because they don’t want a new operating system that changes the phone’s interface. But these updates usually are not cosmetic-more often they close known security vulnerabilities. Putting off the update because you don’t want your messages app to change is putting your security at risk. And the operating system is not the only program that you need to keep updated. All of your apps need to be updated as well. Hackers can find their way into your phone through security holes in outdated apps, so be sure you are updating all of your apps regularly. And also take note that you should only download apps from the official App stores for your device. Apps outside of these stores are not checked for malware or privacy settings and may compromise your privacy and security.
5. Back up your phone regularly
Another important action you need to do regularly is to back your phone up to two places-the Cloud and your computer. The reason you want to regularly back up your phone is so that if something does happen-you download malware or your phone is hacked-you can do a factory reset and essentially erase your phone while knowing your data is safe in two other places. Once you clear your phone, you can download your data from a backup. To back up your phone to your computer, connect your phone via USB and follow the instructions on your screen.
iPhone users that have enabled iCloud can back up to the Cloud automatically every time the phone is plugged in and connected to Wi-Fi. iPhone users should back up to their computer every so often as well. To do so, physically plug your phone into your computer using the USB charging cord and open iTunes. You will be guided through the process.
Android users can link their phone to their Google account for automatic backups through the Settings folder. To create a backup on your computer, connect your phone using a USB cable and copy your phone’s SD card into a folder on your desktop.
Take action now
Take these key actions now to protect your smartphone from the hackers. As with all cybersecurity choices, you need to decide the level of security you want for your device. Implementing all of these options will give you the best protection, but even choosing just a few will significantly boost your security.
Netflix scam making the rounds fools savvy computer users too. Be on the lookout for emails appearing to be from Netflix which say that your account has been suspended due to credit card validation issues. According to experts, the email looks very official and directs recipients to a fake Netflix page that asks for login credentials and other personal information such as payment card data. Netflix reminds users that they will never ask for personal information via email.
Be aware of scams and frauds while holiday shopping this season. As always, scammers will be busy this season trying to trick consumers into divulging personal information or falling for frauds. But there are some actions you can take to help prevent a cybersecurity incident. For example, shopping with a credit card can provide you with more protection. If a deal seems too good to be true, do some research to confirm it is legitimate. And as always, don’t enter your credit card information over free public Wi-Fi when shopping online.
Content provided by Horsesmouth