Cellphone Hijacking By Identity Thieves


    Today, the New York Times ran an article titled "Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency" which mentions that "hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers." Once this occurs, the hackers can use the phone to gain access to the victim's various online accounts (resetting passwords, etc.).


    The article doesn't provide details of how hackers gain control of a victim's phone (likely to avoid the spread of this technique) but it does mention that accounts have been hijacked even after the victim gave advanced notice to their carrier that this was a likely threat.


    Has this happened to anyone reading this post and does anyone know what steps T-Mobile is taking to prevent this type of phone hijacking?





    NY Times Article:


      All replies

      • tidbits

        Re: Cellphone Hijacking By Identity Thieves

        There's more involved.  They would need to know things about you account and such.  Just by knowing the phone number isn't enough.  As the article is titled IDENTITY THIEVES


        They'd need to know


        telephone number

        social or pin

        or account password.


        on top of that it enable virtual wallets on new devices they'd need

        account information user/pass

        pin numbers from CC

        telephone to receive texts to setup the wallet.


        Chances are if they were robbed it was someone they know, or they were stupid enough to get caught in a fishing scam.  Not much carriers can do if the person compromised themselves.  The only way to stop something from happening once you are compromised is change your SS(contact SSA), Change your primary email, and change your telephone number once you believe you are victim of identity theft.  Then contact all accounts with these changes.  Another possibility is virtual wallet companies were hacked and didn't disclose they were in fear much like the article stated "Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. "

        1 of 1 people found this helpful
        • magenta2780408

          These guys stole my phone as I was using it. They took back the phone after I covered it in store, within an hour... Then called and laughed at me while I was on the phone with support. This attack was done through Twitter or through an exploit in wifi calling. When responding to me from my own hacked email, he says to me.... I never called tmobile, I simply took your phone number. He was deleting backup emails, as my yahoo address showed the alerts, and he didn't focus on the second email address enough that I kept in control of it. I have been awake since 11pm last night, as I'm still trying to get control on my Gmail. I don't have the same password for anything... This guy was a pro and used the spoofed phone to hijack everything I hold dear. Google has blame too, since I should have been alerrrsyto a new device being logged into Gmail.... This guy got around all of that.... Him or his crew bragged on Twitter about it under the handle @twitte. This technique is very sophisticated... The guy who did it was Scottish.