A new type of phone theft is on the rise. Instead of stealing phones directly from you, thieves impersonate you to get brand new smartphones from your cellular carrier and stick you with the bill. Here’s what’s going on.
What Is Account Hijacking?
Outright smartphone theft is getting harder to pull off and less lucrative. We’re more careful with our phones than we used to be and—starting with the iPhone—more smartphones offer encryption and lost phone tools out of the box. So, some criminals have adopted a new tactic. Instead of messing with stolen phones and worrying about activation problems, they pose as you and order new phones on your account.
The scam works well for a variety of reasons. The criminal gets to take advantage of any phone deals your account is eligible for, paying as little as possible up-front (perhaps, even nothing at all), and you may not notice until it’s too late. Upgrading your existing lines is the more noticeable method because your phones stop working, so some criminals add new lines, instead. With that route, you may not realize what’s happened until the next bill comes. And, if you have your phone bill set up for automatic payment, you could miss it for longer than that.
In some cases, the point isn’t to steal phones. Criminals may upgrade your lines as a means to take your number through SIM swapping. Your phone number is transferred to a phone they have, which they can then use to hijack any accounts that rely on your phone number as a recovery option.
How Criminals Hijack Cell Phone Accounts
At this point, you might wonder how a criminal can buy smartphones with someone else’s account. Unfortunately, we’ve discovered more than one answer to that question.
Sometimes, the perpetrator steals your identity, creates a fake ID with your name and his photo, and then goes to a retail store to buy the phones. You might think that method could only occur close to where you are but, as Lorrie Cranor, a former chief technologist for the FTC found out, that’s not the case at all. She discovered her phones turned off after someone posing as her, multiple states away, upgraded her lines to new iPhones. You can find similar complaints on phone carriers’ forums as well.
In 2017, Cleveland police arrested three men after linking them to $65,000 worth of cell phone theft, mostly through the use of fake IDs.
In other cases, simple phishing tactics are at play. In early 2019, Verizon customers in Florida started receiving calls about suspected fraud. The representative told the victims they needed to verify their identity and, to do so, Verizon would send a PIN. They would then need to read the PIN to the person on the phone.
But the person on the phone wasn’t an employee from Verizon. It was the fraudster the victim had just been warned about. In this case, the thief generated an actual Verizon PIN, most likely by using the account recovery process. When the victim received the PIN and handed it over, they gave the criminal the very details they needed to get into the account and order new smartphones. Thankfully, Verizon employees noticed other red flags and called the police, but that doesn’t always happen.