
Leaving your personal details like your phone number, birth date, address and contacts publicly available on social media or websites could lead to a scammer stealing your identity and your cash! Don’t think this would ever happen to you? In this very helpful blog, Leonie Smith, The Cyber Safety Lady, explains why it might and provides some timely advice.

A recent 7.30 Report on the ABC reported on two victims of this growing phone number porting scam; both victims caught up in this scam are actually Telco Unionists. If it can happen to them, it can happen to anyone. The victims' mobile phone numbers and identities were stolen and then used to break into their bank accounts. One victim's Facebook friends were used to go guarantor for new bank accounts. Porting phone numbers is a way scammers can assume someone’s identity. Once a scammer takes control of the victim’s phone, he or she may be able to access bank accounts that are linked to the phone number. Not only that, any two-step verification security codes will be sent straight to the scammer’s phone via the stolen phone number after they have ported it across to a new provider.

Recently I helped a client who was the victim of the exact same scam. She had her mobile phone number ported over to a new telco by a scammer three times in order to hack into her bank accounts to steal money from her. Leonie discusses the porting scam and its causes in "scammed while you sleep", on A Current Affair. [Note: Cynthia, the victim in the clip, is not Leonie's client.]

Many people live in the “It will never happen to me” universe where they think they are far too unimportant for a scammer to target. Don’t kid yourself: this scam is just too easy for a scammer to pull off. They don’t have to hack into your account if your personal identity information is publicly available through a website, through Facebook and Google. Even if you don’t have a lot of money to steal, these scammers are setting up loans, and stealing what money you do have using your credit cards and your accounts. At the very least, imagine the awful inconvenience of losing your phone number and then having to go through all the drama of getting it back or having to change it. Once a scammer knows your personal identity information, it can be sold on to other scammers, and you might have to spend a lot of time changing phone numbers, passwords and setting security, dealing with providers and banks to ensure that it doesn’t happen again.

What Can You Do To Avoid This Scam?

1. When you ring your bank or your Telco, what information do you have to give them in order to have your service changed over to another Telco? If you don’t have to provide a secret password or PIN, you are at risk. Ask your bank and Telco about having an extra security code that only you know, in order for any action to be taken on your accounts, after you have logged in with a password.

2. Find out where your mobile number is listed online and, if possible, have it removed. This applies especially to Facebook, Twitter, websites and other social media where it is linked to your name. We recognize that for many small businesses this isn’t practical as you have your mobile number listed publicly everywhere - including painted on your truck - so if this is you, make sure you follow the other security measures listed here very carefully.

3. For those who can, use contact forms or direct messaging services instead. Searching online for your phone number alongside your name or business name will help you to find where your number is listed.

4. Remove your birthdate from public view online, especially on social media sites like Facebook. Use a fake birthdate to sign up on social media sites. And don’t use real personal information for security questions: make up a best friend’s name or mother’s maiden name, and store it somewhere safe – offline!

5. Use hard-to-crack passwords – a different one for every account. If you have a lot of logins, you may choose to use a password manager, which lets you remember just one password for all your accounts (see details at the end of this blog).

6. Use 2-step verification and log-in notifications on every account that allows it, especially your bank accounts, Gmail, PayPal, Facebook, eBay, and iCloud. Try not to use the business mobile or email address for the second verification step - another mobile or even an App can be used. Some banks use Apps for verification (e.g. ANZ Shield), and on Facebook, Google and Twitter you can use the App to get a notification.

7. Make sure you have a lock on your (‘snail mail’) letter box, and keep your home street address offline. Google it alongside your name to see if it is listed anywhere. Again, we recognize that for many small businesses that may not be possible, so make sure you follow the other security measures listed here very carefully.

8. Be security conscious on Facebook and online generally. Don’t list your family names online anywhere; hide or delete them if you have connected them in your Facebook profile. Hide your friends list from public and friends view: if a scammer can see your friends list, they can copy your Facebook profile to impersonate you, and then approach your friends as a fake you. Be careful never to accept a friend request from someone you are already Facebook friends with; it may be a duplicate. Search in Facebook for your name to check whether your account has been duplicated.

9. Make sure your computer has not been hacked. Run antivirus software or take it to your local computer store, and always install new updates on your mobile devices and computers to patch any security issues.

It’s a LOT to implement if you haven’t been careful of your security so far, but will take far less time than trying to get your identity back, your money and your accounts and your phone number.

If you are a victim of this scam

• The first you may know about it is if your phone suddenly loses its signal and shows as SOS available only.

• Contact your Telco, then your bank, your local police, Scamwatch and ACORN, and change your passwords on your email account, your telephone account, Facebook, PayPal, eBay and your bank accounts if you can.

• If you haven’t already, then follow the above 9 points to secure your accounts.

• For help with Identity Fraud contact IDCare

• You can also contact The Australian Communications Consumer Action Network (ACCAN) if you wish to share your experience as a case study
   
• You can find out more about Facebook privacy and security settings from my step-by-step guide.

What about password management tools?

If you have a large number of accounts requiring passwords, you may choose to use a password manager, which lets you remember just one password for all your accounts. All the prominent products are reviewed at these links: "you need a password manager" and "the best password managers of 2017". Of course, when using these it becomes even more important to keep that one password strong and safe.

Please Note: these companies are subject to hacking just like everyone else (see disclaimer at the end of the LastPass review in the first link), but if you manage a lot of accounts, the benefits may outweigh the risks. Only you can decide if these tools are right for your situation. If you are not sure, one solution might be to use your own manually managed passwords for key accounts (e.g. banks, Gmail, PayPal, eBay, iCloud and superannuation) and use the automated management tools to handle all the others (for many of us there are dozens of others, so it would be worthwhile).