Your Cell Phone May be at Risk; The Clever Way Thieves Easily Steal your 2FA Passwords

Nov 9, 2020

There’s a new scam going around: a clever way to steal all your 2FA (Two Factor Authentication) passwords and gain access to your most sensitive information. It is basically identity theft, enabling criminals to wipe out all your bank accounts in a matter of minutes. Worry aside, port protection can easily prevent this from happening, and it takes only ten minutes of your time. Very few people are doing it, simply because we are not familiar with this looming scam.

Porting Scam Explained

Let’s get into the mechanics of this cellphone porting scam. By law, mobile carriers are forced to allow customers to port a phone number from one carrier to another. Since 2007, telecom companies have been required to let customers take their phone number to a new carrier without approval from their existing provider.

The Canadian Radio-television and Telecommunications Commission (CRTC) policy is meant to facilitate competition between carriers, but it has also had an unintended consequence. When a scammer gets their hands on your mobile account password, they use a fake phone number, for example from a burner phone, to request a port to a new carrier. They then receive a one-time password on the burner phone, and once they use it, your phone is shut off and all your text messages and calls are forwarded to the new phone. All it takes is for the scammer to purchase your compromised passwords from the dark web, or for you to click a link that loads a keylogger on your devices. If you reuse the same password for more than one website, you are at an increased risk of this identity theft and the resulting fraud.

Enabling two-factor authentication on each and every one of your accounts is a smart move, of course, especially if you use apps like Google Authenticator and Microsoft Authenticator that keep your passwords and private information extra safe. They generate one-time, time-sensitive passwords as a second step to log into your accounts and services. However, you can understand how meaningless that is if a scammer has access to your messages and calls.

SIM Swap Scam Explained

Many companies rely on text message two-factor authentication, where they text you a one-time code for logging in or resetting your password, but this is also of no use if your cellphone gets stolen or someone steals access to your phone without your knowledge. They can then simply pretend to be you and request a new SIM card for your account, which gives them access to your phone number and consequently to your personal information, credit card, bank account, PayPal, and other accounts. This is known as SIM card swap fraud.

How Do You Protect Yourself from Porting and SIM Swap Fraud?

Port Protection, or Transfer Block, helps prevent your phone number from being ported out by mistake or transferred on purpose by an unauthorized user to another carrier. All it takes to get it activated is a quick five-minute phone call to your cell phone provider’s customer service, or a tweak to your account online. This will provide you with a security PIN, which is required when porting your phone number to a new carrier or requesting a new SIM card. Some carriers ask you to answer even more security questions than normal to prove you are not an imposter. The process can vary a bit from carrier to carrier; however, it will secure your account against both porting fraud and SIM card swap fraud.

Who offers cell phone port protection?

Most, if not all, Canadian cell phone carriers offer this service including Rogers, Bell, Telus, Fido, Koodo, and any other reputable Canadian carrier worth their salt. If for some reason they don’t, you can call their customer service and request them to implement this security service. After all, you are the customer and you must protect yourself.

How much will this cell phone Port Protection Service cost me?

The good news is that the port protection service is absolutely free, which is amazing! You might get asked a series of questions, again depending on your provider, or even get a stronger verbal PIN if you’d like, one you would use should you ever need to move your phone number to another provider or request a new SIM. It is yet another level of protection and security, but definitely a necessary one to prevent a massive headache later on.

What are some other steps you can take to protect yourself?

There are many ways to keep your accounts secure, one of which is to never reuse passwords. If you have trouble remembering your passwords, a good tip is to use a secure vault like 1Password, LastPass, or KeePass. These password managers allow you to use one master key to gain access to all your passwords, and the vault is completely encrypted, meaning nobody is going to see your information if it gets intercepted. It would just look like a bunch of gibberish. The other benefit is never having to type in your email address or password, since these apps frequently use autofill. Another thing you can do to protect your information is to never click on links you receive via text message. Legitimate companies never request personal information, or have you click on a link to secure your account. When in doubt, look up the company’s customer service phone number and call them yourself to check anything that looks suspicious.


Author

  • Jordan

    Jordan has over 20 years of experience in Information Technology, largely spent at a leading Canadian children’s hospital within their research institute. His technical background is vast and includes networking, systems architecture, client-side support, server administration and management of technical assets.
