19 July 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

749Posts 2,173,948Views 62Comments

Phone Account of FTC Chief Technologist hijacked

14 July 2016  |  3121 views  |  0

An impostor posed as Lorrie Cranor at a mobile phone store (in Ohio, nowhere near Cranor’s home) and obtained her number. She is the Federal Trade Commission’s chief technologist. Her impostor’s con netted two new iPhones (the priciest models—and the charges went to Cranor) with her number.

In a blog post, Cranor writes: “My phones immediately stopped receiving calls.” She was stiffed with “a large bill and the anxiety and fear of financial injury.”

Cranor was a victim of identity theft. She contacted her mobile carrier after her phone ceased working during use. The company rep said her account had been updated to include the new devices, and that her Android’s SIM cards had been disabled. The company replaced the SIM cards and restored use of her phones.

The company’s fraud department removed the charges but blamed the theft on Cranor.

So how does an impostor pull off this stunt so easily? Stores owned by the mobile carrier are required to ask for a photo ID and last four digits of the customer’s SSN. However, at a third party retailer, this requirement may not be in place. In the Cranor case, the crook used a photo ID of herself but with Cranor’s name—and was not required to reveal the victim’s SSN last four digits.

Cranor’s Actions

  • Changed password of online account
  • Added extra security PIN
  • Reported the theft to identitytheft.gov
  • Placed a fraud alert and got a free credit report
  • Filed a police report

Hijacking a smartphone is becoming more common, with the FTC having received over 2,600 reports just for January this year.

You may not think that this type of fraud ranks as high as other types of fraud, but it all depends on the thief and his—or her—intentions. Though the thief may only want to sell the phones for a little profit, a different kind of crook may want to hijack a phone to commit stalking or espionage. Or the thief can gain access to the victim’s text messages. If the phone is used for two factor authentication, then a thief would have access to your One Time Passwords (OTP) upon logging into a critical website. There’s all sorts of possibilities. The most important tip: add an extra security PIN to your account. This way, whether over the phone, web or in person, this “second factor” of authentication will make it harder for a thief to become you.

 

a member-uploaded image TagsSecurity

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

Are Your Employees Putting Your Company at Risk? Here’s How to Find Out!

18 May 2018  |  6366 views  |  0 comments | recomends Recommends 0 TagsSecurity

10 Internet Security Myths that Small Businesses Should Be Aware Of

11 May 2018  |  1804 views  |  0 comments | recomends Recommends 0 TagsSecurity

Mobile Phone Numbers Are as Sensitive as Your Social Security Number

19 April 2018  |  3577 views  |  0 comments | recomends Recommends 0 TagsSecurity

The Term Identity Theft Protection is Often a Lie

06 April 2018  |  7722 views  |  0 comments | recomends Recommends 0 TagsSecurity

Use a Password Manager Or You WILL Get Hacked

19 March 2018  |  4150 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
739 posts62 comments

Who's commenting on Robert's posts