And How You Can Learn from This Mishap
How is it that the Federal Trade Commission’s Chief Technology Officer – a woman by the name of Lorrie Cranor – had her mobile phone account hijacked? Apparently, it was all too easy: Someone posing as Cranor walked into a mobile phone store posing as her, said she wanted two phone upgrades, and walked away with new iPhones, all on Cranor’s tab. Quickly discovering she had no access to her smartphone, Cranor called to inquire about it and found out that her current SIM card had been deactivated as part of the upgrade to the two new phones. The situation was eventually sorted out, but the psychological damage remains. Namely, if someone occupying that high an office can get phone-jacked at the account level, then any of us can. (Read Ms. Cranor’s account of the experience of her mobile phone account theft here.)
The Ease of ID Theft
One of the first questions Ms. Cranor asked the mobile phone rep – and most of us would ask, too – was, “How did the store employee authenticate the identity of the imposter?” Translation: How on God’s Green Earth did your employee even allow this, unless the imposter had a fake ID of me? Answer: Not all mobile phone outlets will ask for ID, especially not when making upgrades. (Turns out the thief indeed had a fake ID with their photo and Cranor’s name on it.) But, how was there any financial authentication? Shouldn’t the phone store employee have asked for a credit or debit card, double-checked ID (and perhaps asked for a second form of ID) for authentication, and then and only then, made the upgrades? How about sending an alert to the current phone to verify deactivating its SIM card, which could also act as another form of identifying individuals and authenticating the transaction or upgrade request?
Facts on ID and Technology Theft
The FTC’s own reports, ironically, show that occurrences of mobile phone account hijacking and cell phone fraud are increasing. They received 1,038 such reports in January 2013, and by contrast 2,658 reports of phone hijacking in January 2016. That’s about a 250% increase in mobile phone account theft in three years. One answer has to be that mobile phone stores crack down and implement stricter authentication methods, such as retina scan, thumb print or voice identification. Another way to beat mobile phone ID thieves is to make sure you have strict encryption keys and password-protected devices for personal and business phones and devices.
Get Mobile Device Management Now
NSI is the leader in providing managed IT services in Canada. Contact our expert IT staff at (403) 984-9001 or (780) 800-0644 or send us an email at firstname.lastname@example.org if you have any concerns about mobile device security vulnerabilities, and we will be happy to answer any and all your questions.
Have A Technology Question?