You may not realize it, but your mobile number holds a lot of power over your systems as it is often used by banks, email providers, social media accounts, and many other systems to verify that you are actually yourself.
These days, a lot of personal information such as names, email addresses, birthdays, partial SINs, and much more can be leaked and sold on the dark web. This allows cybercriminals to buy information about you and use it to access your systems and information.
What we’ve been seeing a lot more recently are attacks whereby a cybercriminal will call your mobile provider and use whatever information they already have about you to clear the security check and access your cellular account. Once this is done, they can change your access and essentially take over your mobile number for malicious purposes.
If a cybercriminal were to get hold of your mobile account with your cellular service provider, not only could they access a lot of your personal information and sensitive data, but they could also use your mobile number for 2-factor authentication, ultimately allowing them to access even more sensitive data that could be detrimental to your career, family, finances, and much more.
The first, and possibly the most effective, thing you can do to prevent a mobile account hack is to call your cell provider and create a strong and unique PIN that is not connected to your birthday, SIN, address, etc. and is not already used for any other system. This will deter hackers, as they will not be able to access your mobile account without it.
If you have strong and unique passwords for all of your systems, your risk of a breach lowers significantly. Many people use the same password for many systems, so if a cybercriminal were to figure it out for one system, they may be able to access all systems that use that same password.
If you have trouble managing all of your strong and unique passwords, we recommend you try out a password management tool like LastPass, as it generates strong passwords and stores them securely for you.
SMS-based 2FA is not secure. It is easy for cybercriminals to breach, and because anyone can send you a text message, you can’t be 100% sure that an authentication code is legitimate. We suggest trying out a physical security key, which can’t get hacked easily as it does not exist online where cybercriminals are able to search for vulnerabilities.
Another very effective method is using an authenticator app. It generates a temporary code that you can use for 2FA or MFA, and the code disappears after 30 seconds to a minute, which does not give cybercriminals enough time to breach it if they tried. Google and Microsoft have very secure authenticator apps, and we highly suggest you use them to keep your systems more secure.