The Numbers Do Lie: How Thieves Can Steal Your Cell Phone Number and Wreak Havoc on Your Life

If you have an online account, you are familiar with the username/password method of user authentication. If you have been paying attention to recent news stories, however, you also recognize that this method of authentication has some security drawbacks. A quick visit to the website www.haveibeenpwned.com can help identify if your email address has been involved in a security breach, such as the breach that occurred at LinkedIn in 2012. In that breach, user email addresses and site passwords (stored as SHA-1 hashes without salt) were stolen, and many were cracked to reveal the true text of the user’s password. This meant that users who re-use passwords across platforms were susceptible to having other accounts accessed by the password thieves (or those to whom the thieves sold that information).

As both a remedial and preventative measure, users can use a password manager or, preferably, can enable a form of multi-factor authentication (“MFA,” sometimes referred to as “2-factor authentication” or “2-step verification”) to prevent stolen credentials from being used to access other accounts. In one commonly used form of MFA, the service provider sends a message with a one-time code to a trusted device, such as a cellular telephone, during a log-on attempt. Users of Apple’s iCloud, Google’s Gmail, or Microsoft’s Xbox who have enabled MFA may already be familiar with this process. And it can be used on a variety of platforms, from social media to online banking. But what if someone stole not your cell phone, but your cell phone number and therefore received your calls, text messages, and MFA verification codes? In an emerging fraud trend, criminals are doing just that. Fortunately, there is a way to protect yourself.

This week, T-Mobile began notifying its users of a “port-out scam” affecting all of the cellular telephone industry. In a port-out scam, fraudsters impersonate legitimate users to transfer service for a cellular telephone number to a device in the fraudster’s possession. That person would then begin to receive messages meant for the victim, which could include MFA codes, banking information, personal communications, or other sensitive and confidential messages or media.

Targeting a specific individual to facilitate fraud is not new. Spear-phishing emails have existed for years, through which fraudsters target specific people in a company to attempt to defraud the company. W-2 scams try to convince company workers to send all employees’ W-2 information to fraudsters. CEO scams target a company’s finance department to attempt to facilitate wire transfers. General phishing messages may try to obtain various employees’ log-on credentials. It is not a far jump to identify a person’s cellular telephone number and add that to the various schemes by which criminals can facilitate fraud, especially if your cellular telephone number is published or otherwise known widely. Indeed, receiving a telephone call or text message from a company contact – and being able to respond to that call or message at the correct cellular telephone number – would add a lot of credibility to a fraud scheme.

Fortunately, you can protect yourself (and your company) against port-out scams. Simply contact your carrier’s customer service department and inquire about adding a security code to your account. Once added, changes can be made to an account only if the person requesting the change knows the code. It is therefore important that the code be kept confidential and secure.

© Copyright 2019 Dickinson Wright PLLC


About this Author

Justin Root, Dickinson Wright Law Firm, Cybersecurity and Information Privacy Attorney
Of Counsel

Clients with cybersecurity and information privacy concerns and challenges hire Justin for his experienced, tenacious, and thorough approach to data privacy and navigating an incident response. Justin’s breadth of experience, which includes service as a Special Deputy United States Marshal on the Federal Bureau of Investigation’s Cybercrime Task Force, is ever-present in his calming and clear analysis and strategic assessments of and approaches to cybersecurity and data privacy issues. As a result, Justin’s solutions-oriented approach reflects an appreciation for and is...

Sara H. Jodka, Dickinson Wright, largescale layoffs lawyer, employment reductions attorney
Of Counsel

Sara H. Jodka, Of Counsel at Dickinson Wright, dedicates her practice to working with employers to anticipate, identify, and resolve labor and employment, data privacy, and related compliance issues and litigation risks in today’s ever-evolving workplace. Sara devotes a significant part of her practice to proactively counseling employers in litigation prevention and overall compliance with state, federal, and administrative laws and regulations, which includes reviewing and revising employee handbooks and policies; counseling management regarding termination decisions (including largescale layoffs/reductions in force); performing exempt status classification audits; and training employees on key employment policies and issues, including those related to leave, privacy, discrimination, harassment and retaliation, social media, the digital workplace and others. She routinely defends employers, in both state and federal court, against claims arising under Title VII, the Age Discrimination in Employment Act (ADEA), the Americans with Disabilities Act (ADA), the Family Medical Leave Act (FMLA), the Fair Labor Standards Act (FLSA), the Fair Credit Reporting Act (FCRA) (i.e., background check issues) and comparable state laws. Sara also has significant experience defending employers in class and collective action disputes, including wage and hour litigation involving claims of allegedly unpaid meal/rest breaks; unpaid overtime; off-the-clock work; and exempt status misclassification.

Wendy Hulton, product regulation, attorney, Dickinson Wright, law firm

Wendy Hulton’s practice involves advising and representing clients in connection with product liability, environmental, product claim disputes and wrongful dismissal actions. Wendy has been the author of the Canadian chapter of Product Recall text for a number of years.

Wendy has over 25 years of experience in the area of product regulation. She provides advice on dietary supplements, natural health products, foods, drugs, cosmetics, medical devices and a wide range of consumer products. She is retained by clients throughout Canada, the US and...