Hackers like to steal you mobile phone number

Hackers have discovered that one of the most central elements of online security, the mobile phone number, is also one of the easiest to steal; and it's is an increasingly growing problem, the New York Times reports.

In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers.

Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup — as services like Google, Twitter and Facebook suggest. 
In January 2013, the Times says, there were 1,038 incidents of this type reported to the Federal Trade Commission; by January 2016, that number had well more than doubled, to 2,658.

Most victims of these attacks in the virtual currency community have not wanted to acknowledge it publicly for fear of provoking their adversaries. But in interviews, dozens of prominent people in the industry acknowledged that they had been victimized in recent months.

“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a bitcoin entrepreneur. 

Weeks lost his phone number and about $1 million worth of virtual currency late last year, despite having asked his mobile phone provider for additional security after his wife and parents lost control of their phone numbers. In some recent cases, hackers have managed to commandeer accounts even when victims know they’re being actively targeted and have alerted their carriers, the NYT adds.

As Wired recently observed, your mobile number is your all-purpose, universal ID, tying you together. You might have different usernames and passwords on different sites, but Amazon, Facebook, and Twitter all have the same phone number for you that your bank and health insurance company do.

Think about how many times you give out your number in a given year, or even a given month. Every time you shop somewhere, every time you sign up for a website, every time you fill out a form at a doctor’s office, every time you apply for a job, every time you start texting someone about a date, your mobile number is in hundreds of hands and thousands of databases, and from there it can be extremely easy to lose or steal.

Experts both Wired and the New York Times spoke with stressed that the vulnerability of the common phone number is basically a surprise side-effect of the digital world we’ve built. And the weakest link, as is common, is human nature.

Companies like Verizon can put notes on an account, and put security procedures in place, to try to prevent this kind of attack. And to a large extent, they do. But the people on the other end are still fallible.

Attackers “will sit and call 600 times before they get through and get an agent on the line that’s an idiot,” one victim told the NYT, delivering “sob stories” about “an emergency that required the phone number to be moved” until someone believes them.

If your number is unfortunately stolen and used for this kind of fraud, you can hit up the checklist at IdentityTheft.gov to notify the appropriate authorities and start putting your life back together.