
Mobile Account Hijacking: A New Identity Theft Threat

Posted: June 28, 2016 to Cybersecurity.

Tags: Compliance, Data Breach, Malware

By hijacking mobile phone accounts, identity thieves have found a new and easy way to make money. This new technique is a form of money laundering, because the thieves take over the mobile account so that they can order equipment like new phones to your account, then turn around and sell them.

According to CTIA, the Wireless Association, carriers are training customer service representatives on how to spot the fraud, and they also have procedures that are meant to thwart it. Carriers use identifying credentials like passwords when subscribers activate a new device or make account changes, or to authenticate other transactions.

All four major carriers have seen an increase in this type of identity theft over the past several years. According to the FTC's complaint database, there were 1,038 instances of mobile account hijacking in January of 2013, while this past January the number had more than doubled to 2,658.

Since wireless companies typically take the loss for stolen equipment, the real problem with this form of identity theft comes not when a thief orders new phones and then sells them, but when the thief orders new phones and keeps them. With two-factor authentication becoming more common for online accounts, financial ones in particular, hijacking mobile phone accounts is all the more troubling. Two-factor authentication only works because of the assumption that you are in possession or control of your phone.

Criminals are finding it more difficult to counterfeit credit cards thanks to chip-enabled cards and are having to find other ways to use that information to make money. Taking over someone's phone not only gives thieves access to bank accounts, it also allows them to download mobile payment apps. Because the thief is using the stolen credit card and has taken over the victim's mobile device, when an authentication code is sent, the criminal is the one who receives it.

Wireless companies are eager to find a solution to this problem as they are the ones who are typically on the hook for stolen equipment, but there is an easy way to make it more difficult for someone to take over your account. All four major carriers have the option to add either a PIN or password that is required before any change can be made to your mobile account. This simple step could keep your account from being hijacked and save you a lot of time and frustration.


About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
