FTC’s chief technologist was victim of Id theft, someone hijacked her phone number

The FTC’s chief technologist gets her mobile phone number hijacked, she shared her experience of a victim of such kind of Id Theft.

The incident that I’m going to tell you is worrisome, the US Federal Trade Commission’s chief technologist Lorrie Cranor gets her phone number hijacked. The FTC’s chief technologist was hacked by someone posing as her went into a mobile phone store and hijacked her number.

Lorrie Cranor described the what happened in a blog post, a few weeks ago an unknown person walked into a mobile phone store, claimed to be the FTC’s chief technologist and requested an update for Cranor’s mobile phones. The criminal obtained in this way two brand new iPhone devices assigned to her telephone numbers.

“A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury that spring from identity theft.” said Lorrie Cranor.

The Cranor’s mobile devices immediately stopped working, the FTC’s chief technologist was clearly a victim of ID theft.

“One evening my mobile phone stopped working mid call. After discovering that another phone on my account also had no signal, I called my mobile carrier on a landline phone. The customer service representative explained that my account had been updated to include new iPhones, and in the process the SIM cards in my Android phones had been deactivated. She assumed it was a mistake, and told me to take my phones to one of my mobile carrier’s retail stores.” continues the FTC’s chief technologist.

“The store replaced my SIM cards and got my phones working again. A store employee explained that a thief claiming to be me had gone into a phone store and “upgraded” my two phones to the most expensive iPhone models available and transferred my phone numbers to the new iPhones.”

The most disconcerting part of the story is the response of the mobile carrier, below the description provided by the victim.

“I called my mobile carrier’s fraud department and reported what happened. The representative agreed to remove the charges, but blamed the theft on me. When I asked how the store authenticated the thief, he told me that employees of stores owned by the mobile carrier would have asked for the account holder’s photo ID and the last four digits of their social security number, but if the theft occurred at another retailer, that might not have happened.”

Unfortunately, this kind of crimes is increasing, for this reason, it is desirable that the unnamed carrier involved in the incident will provide the paperwork filed by the criminal to hijack the Cranor’s mobile number.

Clearly the thief used Cranor’s counterfeit documents, the iPhones were acquired at a retail store in Ohio, which is far from the Cranor’s residency.

In January 2013, the FTC received 1,038 claims for mobile hijacking, this kind of practice accounts for about 3.2 percent of all the identity thefts reported that month to the FTC. By January 2016, the FTC received reports of 2,658 hijacks, representing 6.3 percent of identity thefts that month.

The situation is getting worse because the number of claims reported to the FTC reached 2,658 hijacks in the same period of 2016.

“Records of identity thefts reported to the FTC provide some insight into how often thieves hijack a mobile phone account or open a new mobile phone account in a victim’s name. In January 2013, there were 1,038 incidents of these types of identity theft reported, representing 3.2% of all identity theft incidents reported to the FTC that month. By January 2016, that number had increased to 2,658 such incidents, representing 6.3% of all identity thefts reported to the FTC that month.  Such thefts involved all four of the major mobile carriers.” states the Cranor’s post.

Such kind of crimes could have different motivations, attackers could operate for profits reselling the victims’ mobile devices or could spy on their victims.

Cranor explained that ID theft victims can access the Federal Trade Commission’s identitytheft.gov website to report the crime and receive detailed instructions to regain possession of their identity.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ID theft, phone number hijacking)