With the development of the technology and the software world, a proportional development can be observed among the ways in which the aforementioned two elements could be exploited and turned against the user for the sake of some anonymous criminal’s profit. Hackers are ceaselessly trying to come up with new and more advanced and effective ways to hack into your computer or phone, steal your information, blackmail you or simply damage your device for whatever reason. Therefore, one would think that each newer threat would be more elaborate than the previous one. Well, in the current instance, this is not going to be the case.
Mobile number provides full access to online accounts
Recently, hackers have found a way to exploit one simple, yet extremely essential aspect of owning a mobile device – your phone’s number. The premise is simple yet highly effective and threatening: all the online crooks would need to do in order to gain full access to some of your online accounts and profiles would be to persuade the mobile operator that you are using to transfer your phone number to another device. The reason why this would work has to do with the fact that a lot of applications and websites (Facebook/Messenger, Twitter, Coinbase, etc) require users to link their phone numbers to their profiles as a way to provide a second level of security. While on theory this might have sounded like a good idea, the said method has backfired on more than one occasion. All a hacker would need to do after they have managed to transfer your phone number to another device (owned by them) would be to simply use the Forgotten Password setting in order to reset your accounts’ passwords granting them full control of the targeted account. From that point on, you’d have absolutely no control over what happens to your profiles.
The issue
Here, you might be thinking that this is unlikely to happen since there are identification protocols and such number transfer would be nearly impossible if the hacker cannot identify themselves as the rightful owner of the number (which they are not). However, the statistics show the opposite: even though the number of this sort of attacks isn’t so high yet (a bit over 2600 by January last year according to chief technologist at the Federal Trade commission), there is still a steady growth in the exploitation of this insidious scheme. Normally, the way those virtual terrorists manage to transfer the user’s phone number is by presenting the mobile service operator with a made up story expressing the urgency of making the transfer (in other words, a sob story). While most of the times this would be unsuccessful, every now and then, the hackers would stumble upon a gullible operator agent who would get persuaded to carry out the transfer without requiring the necessary authentication or by being provided with false details.
Victims of the scheme
A probable reason why the victims of this illegal scheme aren’t so many is because hackers who utilize this method normally target persons who are owners of substantial amounts of virtual currencies such as Bitcoins or public figures who might have sensitive data on their profiles which would provide the criminals with substantial leverage for blackmailing. For example, this can be extremely problematic if the crooks manage to get their hands on one’s Bitcoin wallet (for example, Coinbase). All of the user’s virtual currency could get extorted and since online currency transactions are designed to be irreversible, the money would be gone for good as soon as the hacker extracts it. This poses a serious threat to owners of big amounts of cyber-currency since those seem to be the most commonly targeted victims. The good news is that this extortion method is unlikely to be used against regular users who do not have online accounts of high-value. Nevertheless, it is important for mobile operators to update and improve their protocols and tighten the protection levels of their services since the longer this security gap stays open, the greater this issue would become. So far, the improvements that are being made in that direction are not yet satisfactory enough and still leave the possibility of exploiting the phone number transfer scheme. Therefore, new users who seek to open a virtual currency wallet must be warned about the potential dangers that this might represent for their money.
