Clark Howard: Criminals use common security features to access bank accounts

This browser does not support the video element.

DAYTON — Phone theft is on the rise across the county. But crooks aren’t just stealing your smartphone, they are stealing all the data on it too. It’s called sim swapping and once it’s done your bank accounts will likely be empty.

News Center 7 consumer adviser Clark Howard sat down with a cyber security expert who explain that this type of theft is sometimes an inside job. Phone carrier employees sell customers’ data on the dark web. Howard learned there are ways to protect yourself.

>> Protect Your Money with the News Center 7 I-Team - All This Week

Two-factor authentication is a common security feature to protect your information. Codes were sent to our phones to access our bank accounts, credit cards, and retirement funds to confirm we are logging into an account, not a thief. Now criminals are exploiting this security feature to rob you blind. It’s called sim swapping.

“What that is, is where an attacker gets control of your phone number through a couple of different ways. And they do that normally through calling the provider, switching out phones, and taking over your number,” explained former FBI analyst Willis McDonald. McDonald specializes in cyber threats.

McDonald told Howard many times criminals work with an employee at the phone company. Often thieves watch your habits and plan a sim swap attack when you’re at work or on vacation.

“One trusted person who might even be a contractor for a cell phone carrier can exploit this vulnerability to take your service away from you. And you don’t even know till you wake up the next day,” Howard said.

“That’s exactly how this works,” McDonald said.

McDonald said criminal markets offer sim swapping services that range anywhere from $900 to $10,000 depending on whose sim you’re swapping.

“Somebody like Clark Howard probably closer to the $10,000 mark. Everyday citizens, maybe $900,” McDonald said. He showed Howard examples of personal information for sale online.

Howard said there are three steps you can take to protect yourself. First, call your provider and ask for enhanced security features to be added to your account such as asking for more info before making the swap. Second, get a hardware key or token. McDonald said hardware tokens like YubiKey, or Google Titan keys allow you to use a piece of hardware to log into your account rather than passwords or text. Third, if your provider won’t let you use a hardware key, both Howard and McDonald suggest a rolling code authenticators like Microsoft or Google authenticator is the next best thing.

Version asked News Center 7 to share this link advising their customers to stay protected from sim swaps (LINK:https://www.verizon.com/about/account-security/sim-swapping)

In a statement, T-Mobile told News Center 7:

“SIM swaps are an industry-wide problem that all wireless providers are working to fight. T-Mobile invests heavily in measures designed to keep customers safe from SIM swaps and other fraudulent activities, including Account Takeover Protection, number transfer PINs, two-step verification, free scam protection with Scam Shield, SIM Protection, a security dashboard , and more. Customers can take other steps to protect their online accounts, such as using unique and strong passwords, resetting pins and passwords frequently, and being cautious with unexpected calls and texts. We’ve got some additional information outlined here. More information about SIM swaps can be found on the CTIA website here, including tips on how to protect yourself.