Your cell phone has become key to your online security. It’s often used as part of the authentication process to verify who you are when you can’t remember a password.
But now hackers are discovering just how easy it is to hijack your account, and use that against you.
The Federal Trade Commission is warning the number of victims has doubled in just three years. In January 2013 there were a little over 1,000 incident reports. By January 2016 that number had increased to more than 2600.
The FTC says hackers are hijacking mobile phone accounts by phishing out information on you, and then calling your mobile provider pretending to be you so they can port your number to their phone.
“So once they move your phone number to their device, they get to act as you no matter what is going on, so they may go to your bank account and put in your credentials and send the code to your phone, well now their phone, and then they’re able to log in and do anything acting as you,” said Luke Vanwingerden, the Interim VC of IT and CIO at USC Upstate.
So far the main targets have been bitcoin investors, but IT expert David Dunn with United Network Group says hackers may see something like your medical record account as equally valuable.
His message: “If a phone company can be tricked into porting your number to an unauthorized device then using a text message, SMS message, to reset a password is no longer secure.”
Instead of getting texts directly to your phone, the best way to protect yourself is to make use of apps like Google Authenticator, that generate codes but are not linked directly to your number.”
A growing number of Universities and businesses are also using a similar app called DUO.
And for extra security, make sure you have a way to remotely “wipe” your phone so if it’s stolen, the thief can’t access your information along with the authentication app.