Imagine having trouble with your smartphone. You contact your carrier for help, but they say you’re no longer a customer, and that you recently transferred your phone account to another carrier! Welcome to the central act in a growing cybersecurity threat-mobile account takeover. Consider the story of Tiffany and Kevin Bennett, who suffered this new form of identity theft.

One day, Tiffany received an email from her mobile phone company saying the password on the mobile account had been changed. She shares the account with her husband, Kevin, and figured that he must have changed the password, so she ignored the email alert.

A few hours later, however, Tiffany could no longer send or receive any messages. When Kevin tried to call her phone number it rang-but not on Tiffany’s phone. What happened? Someone hacked into the Bennett’s mobile phone account and forwarded Tiffany’s number to a new phone. All of her calls and texts were being forwarded to this number, too. The hacker was then able to enroll one of the Bennett’s credit cards, bought on the black market, in Apple Pay. When the credit card company texted the verification code to Tiffany’s number, the hacker received it instead. With access to their credit card, the impostor was able to spend hundreds of the Bennett’s dollars.

Read More