CHANGE YOUR MOBILE PHONE CARRIER PIN NUMBER NOW!

If you are reading this, you should immediately change the PIN code you have set up with your mobile carrier.

On August 20th, 2021, T-Mobile announced that over 50 million people, including current and former customers as well as prepaid customers, were affected by a security breach. Information like Social Security numbers, driver’s licenses, and account PINs was exposed.

Regardless of whether you’re a T-Mobile customer, the exposure of your account PINs is a major risk. That’s the password that you’re asked to give to a T-Mobile employee before any changes can be made to your account. With this 4-digit PIN code in the wrong hands, your life will change for the worse.

A basic SIM swap attack is when a hacker convinces a cellular carrier to switch the target phone number over to a SIM card they own. The hacker can then use your phone number, on their phone, to trick services into resetting your passwords. Furthermore, the hacker will be receiving all your personal information such as text messages, calls, and data on their phone. They can get instant access to any two-factor authentication codes you receive through text messages, that is, the PIN that an institution texts you to verify your identity.

SIM attacks appear to be behind the Justin Bieber hack and the hack of a cryptocurrency investor that resulted in the theft of $23.8 million worth of tokens.

If I do not have your attention, then please read this article.

The SIM Hijackers – https://www.vice.com/en/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin

Measures to Take to Avoid SIM Swapping

If you’ve been a victim of a SIM hijacking attempt, there’s not much you can do to stop SIM hijackers from targeting you. If the attacker is skilled, they might actually take over your digital footprint.

On a lighter note, there are steps that you can take to limit the chances of a SIM swap attack ever happening to you.

  • Change your PIN code: You should immediately change your carrier PIN code by logging into your account, finding the Security tab and changing your PIN code. I recommend changing this every 6 months and using a PIN that has never been used before.

  • Online behavior: Be on the alert for phishing emails (for example, a new email that looks like it’s from a friend) and other ways cyber attackers may try to access your personal data to help them convince your bank or cell carrier that they are you. You may wonder how fraudsters are able to answer your security questions. That’s where the data criminals have collected on you comes in.
  • Account security: Increase your cell account security with a unique, strong password and strong extra security questions and answers (Q&A) that only you know.
  • PIN codes: If your carrier allows you to set a separate passcode or PIN for your communications, consider setting one up. It could potentially provide an additional layer of protection.
  • IDs: Don’t build your security and identity authentication solely around your phone number. This includes text messaging (SMS), which is not encrypted.
  • Authentication apps: You can use an authentication app such as Google Authenticator, which gives you 2FA that is linked to your physical device rather than your phone number.
  • Bank and mobile carrier alert: Check whether your bank and mobile carrier can combine efforts, for example by sharing their knowledge of SIM swap activity and implementing user alerts along with additional checks when a new SIM card is reissued.
  • Behavioral analysis technology: Banks can use technology that analyzes customer behavior to help them discover and identify compromised devices, warning them not to send SMS passwords and other confidential info.
  • Call-backs: Some organizations call customers back to make sure they are who they say they are when they are using their accounts — and to catch cybercriminals.

If you’re the target of a SIM swap scam

  • Contact your cellular service provider immediately to take back control of your phone number. After you regain access to your phone number, change your account passwords.
  • Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.

If you think a scammer has your information — like your Social Security, credit card, or bank account number — go to IdentityTheft.gov to see the specific steps to take.

 

 

 

You’ve been hacked

How did this happen?

I received an email the other day stating I had visited a porn site and that everything was recorded that I had looked at.  If I did not pay $500 in bitcoin, this information would be made public on the internet.   It even included my email address and an old password, with the remarks “Now do I have your attention”.  The only problem was, I don’t look at porn sites.   But how did they get my email address and password?

The number one answer is a data breach.  My email, name, and password were stolen from a retail website that I had purchased something from. To see for yourself, visit https://monitor.firefox.com and enter your email address.  I am 99% certain your information will be found in some kind of data theft/hack (be sure to try multiple email addresses you use to make online purchases with).

Hackers then feed this data (email address and password) into a password tester/cracker that tries it against thousands of sites per minute, including Gmail, Amazon, eBay, and many other popular sites. Even if you have multiple email addresses, hackers know that you use the same password for all of them. Not to mention your password is probably easy to guess. My old password could have been cracked in 4 days and I thought it was a secure password. Test your current password to see how long it would take to crack by visiting https://howsecureismypassword.net. You may be amazed at how quickly someone could guess your password. (This is a secure site, and no data is saved.)

Consider these identity theft statistics:

  • In 2017, 6.64 percent of consumers became victims of identity fraud — that’s about 1 in 15 people
  • Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average
  • One in five victims of identity theft have experienced it more than once
  • Over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses
  • There’s a new victim of identity theft every 2 seconds
  • Identity theft is one of the most common consequences of data breaches, and exposed consumer records jumped 126 percent in 2018
  • Emotional distress is reported by 77.3 percent of identity theft victims

In other words, if your chances of winning the lottery were 1 in 15, the same as the odds of being an ID theft victim, we’d all have family, friends, and colleagues who are millionaires.

What can you do?

  • Protect all of the accounts of the websites you log in to by NOT using the same password. The average person has 12 accounts for things like Amazon, PayPal, etc., and 83% of the time the username and password for these 12 accounts are the same.
    I highly recommend using a password manager like LastPass (https://www.lastpass.com) to keep track of your usernames and passwords. It works on desktop and mobile devices, and I have found this to be the best password manager for myself and my family.

    • It keeps track of the usernames and passwords for all of your accounts
    • Easy authentication with autofill for desktop and mobile
    • Automatically saves new account login credentials
    • Creates randomly generated passwords of 30+ characters
    • Makes sure that no two accounts use the same password
    • Share folders of accounts with other family members (Sling TV, WiFi passwords, etc.)
    • I also highly recommend using the LastPass Authenticator app to secure your LastPass account.
  • Change your password every 3 months.   Easy to do using LastPass.  This way, any dark web data that sits around for more than 3 months consists of old passwords.
  • Most importantly! Protect your Gmail account using 2-Step Verification. Why Gmail? Because this is the email address most commonly used to make financial transactions (purchase something).
    • Turn on 2-Step Verification
      2-Step Verification helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step.
    • I highly recommend Google Prompts (more secure than text message codes)
  • Sign up for Firefox monitoring (it’s free) and enter all of the email addresses you and your family use. Firefox will notify you in the event they find your email address in a data breach. Somehow they seem to be way ahead of the game when it comes to monitoring stolen data.
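
The checks a password manager performs for the advice above (no shared passwords, rotation every 3 months, 30-character random replacements) can be sketched as follows. This is an added example, not part of the original post and not LastPass code; the vault entries are constructed, and treating 3 months as 90 days is an assumption.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict
from datetime import date

# Constructed sample vault export: (site, username, password, last changed).
VAULT = [
    ("amazon.example", "pat@example.com", "Sunshine2019!", date(2021, 1, 4)),
    ("paypal.example", "pat@example.com", "Sunshine2019!", date(2021, 7, 30)),
    ("mail.example", "pat@example.com", "Sunshine2019!", date(2020, 3, 12)),
    ("bank.example", "pat.smith", "k9#Vt2q!Lx0pWz", date(2021, 8, 1)),
]


def reused_passwords(entries):
    """Return groups of sites sharing one password, compared by keyed digest."""
    key = secrets.token_bytes(32)  # per-run key: digests mean nothing outside this process
    groups = defaultdict(list)
    for site, _user, password, _changed in entries:
        tag = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[tag].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def stale_sites(entries, today, max_age_days=90):
    """Sites whose password is older than the rotation interval (assumed 90 days)."""
    return sorted(s for s, _u, _p, changed in entries
                  if (today - changed).days > max_age_days)


def new_password(length=30):
    """Random password from the OS CSPRNG that contains every character class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "!#$%&*+-=?@^_"]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def rotation_plan(entries, today):
    """Map every site that needs a change to a fresh, unique replacement."""
    flagged = {site for group in reused_passwords(entries) for site in group}
    flagged.update(stale_sites(entries, today))
    return {site: new_password() for site in sorted(flagged)}
```

One leaked "Sunshine2019!" from any of the three sites in the sample unlocks the other two, which is why the plan replaces all of them even though one was changed recently.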

When it comes to paying for credit monitoring services, it depends on you and your family and what you want to pay for. And yes, include all of your kids in this monitoring service. Here is a link to “The 7 Best Credit Monitoring Services of 2020”.

You may also want to consider putting a 3-year credit freeze on your SSN so that NO accounts can be opened with your personal information. You can read more about this by visiting the U.S. Federal Trade Commission consumer website at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs