FTC: mobile account ID theft epidemic, how to secure your phone on Verizon, AT&T, T-Mobile or Sprint
As per Lorrie Cranor, one of the victims, who had both hers and her husband's phones die on the same day (they thought was an issue with the service provider): "We found out that someone had gone into the phone store in another city with a fake ID and said they wanted to upgrade their phones. They walked out with two brand new iPhones with our phone numbers on them and charged to our account."
Needless to say, a lot of calls and days later, the service was restored and amounts refunded, but the carriers are the ones eating the charges, so industry associations and carriers themselves are coming up with methods like two-factor authentication and others, to combat this phenomenon. Here's what the FTC advises you to do, in order to prevent easy mobile account hijacking:
AT&T offers a feature they refer to as “extra security.” Once activated, any interaction with AT&T, whether online, via phone, or in a retail store will require that you provide your passcode. You can use your AT&T online account or the myAT&T app on your mobile phone to turn on extra security (link is external). Note, that when you login online with your passcode, you may be presented with the option to not be asked for it again. Do not accept this option or you will disable extra security.
Sprint asks customers to set a PIN and security questions when they establish service with Sprint, so no additional steps are needed to use this feature.
T-Mobile allows their customers to establish a customer care password on their accounts (link is external). Once established, customers are required to provide this password when contacting T-Mobile by phone. To establish such a password, customers can call T-Mobile customer service or visit a T-Mobile retail store.
Verizon allows their customers to set an account PIN. Customers can do this by editing their profile in their online account, calling customer service, or visiting a Verizon retail store. This PIN provides additional security for telephone transactions and certain other transactions.
Using this extra password or PIN is a good idea and should help reduce your risk of mobile account takeovers. However, it does not offer complete protection, so make sure you remain alert for phishing attacks, protect your financial account information, and examine your mobile phone and credit card bills carefully every month for signs of fraud. If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.
Sprint asks customers to set a PIN and security questions when they establish service with Sprint, so no additional steps are needed to use this feature.
T-Mobile allows their customers to establish a customer care password on their accounts (link is external). Once established, customers are required to provide this password when contacting T-Mobile by phone. To establish such a password, customers can call T-Mobile customer service or visit a T-Mobile retail store.
Verizon allows their customers to set an account PIN. Customers can do this by editing their profile in their online account, calling customer service, or visiting a Verizon retail store. This PIN provides additional security for telephone transactions and certain other transactions.
Using this extra password or PIN is a good idea and should help reduce your risk of mobile account takeovers. However, it does not offer complete protection, so make sure you remain alert for phishing attacks, protect your financial account information, and examine your mobile phone and credit card bills carefully every month for signs of fraud. If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: