1. Institute a passcode on the account.
This is the most basic precaution.
However, as several hijacking victims discovered, if the hacker finds a
customer service rep who forgets to ask for it or lets other information
such as address and last four of your Social suffice, then your number
can be hijacked anyway. So, add a passcode to your account, but don’t
rest easy after that. It helps, but if the hacker talks to an unwitting
customer service rep, it’s game over.
2. Use a mobile-carrier-specific email address to access that account.
Up till now, most likely, your phone
number and your email address have been the gateway to all your other
accounts. You need to stop that right now. If you follow several of the
steps I outline in this story (unless you go with Google Voice), you’ll
end up with at least three email addresses: your current primary one,
one just for your mobile carrier, and one that you use for other
sensitive accounts such as online banking or Facebook or Dropbox. That
way if your primary email address gets compromised, it can’t be used to
steal your phone number (and vice versa). And if your phone number gets
compromised somehow, it won’t endanger your email or any of the other
sensitive accounts.
However, if any of these non-phone/email accounts has a higher threat level (one of the victims watched his hacker search in his Dropbox folders
for files containing the names of executives who managed the bank
accounts at his former company), then you probably want to create a
separate email address for that account as well, so that if the email
address you use for multiple sensitive accounts is ever breached, that
one won't be compromised too.
If you port your main number to Google
Voice, you should still separate your main email address from that used
for your other sensitive accounts so if your primary email account is
compromised, hackers can't get into your other accounts.
3. Disable online access to your wireless account.
Yes, this is annoying, as you’ll now have
to go into the store or call to make changes, but it is one less way in
which a hijacker can hack your account.
4. Tell your carrier you’d like to require that changes to your account can be made only in person with photo ID.
A hacker can still pretend to be you anyway, as the Federal Trade Commission chief technologist discovered when she had her number hijacked by someone with a fake ID using her name and the hacker’s photo. But, still, it’s one more hurdle for potential hijackers.
5. Try Google Voice.
At the moment, it appears you cannot
institute a “port” freeze on your number at other carriers, at least
according to the Federal Communications Commission. (The major telcos
and other industry organizations declined interviews.)
The only service that I am aware of that
enables a “port freeze” is Google Voice. (If you are aware of others,
please let me know.) When you sign up for a Google Voice number, the
default is that the number is “locked” to you, as described in this blog post by Jesse Powell, chief executive officer of cryptocurrency exchange Kraken.
If you don’t want the hassle of changing
phone numbers, you can forward your existing number (let’s say the last
four digits are 1234) to Google Voice to receive calls and texts there.
You’ll then have to sign up for a new line with your carrier for
service, but you can mask your outgoing calls and texts to appear to be
coming from the 1234 number. Just be sure never to give out or use
the actual phone number that is on your wireless account; give out
only the 1234 number that is with Google Voice.
If you are a Google Fi
subscriber and want to port to another carrier, the service requires
you to notify it first, which then gives you a “port out” account number
and password to provide to your new carrier. (I’m not sure what happens
if a hijacker attempts to port it as portings are typically initiated
at the new carrier, but have reached out to Google and will update when I
find out.)