It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
AT&T now offers more defense against phone number theft
AT&T just implemented a new feature called Wireless Account Lock, which allows users to disable several changes to their accounts to lower the risk of phone number hijacking. Because you likely use your phone number to log into financial services, your phone number is extremely valuable for fraud and even stealing cryptocurrency. Attackers will typically impersonate a targeted customer and convince someone working for the company that they have just gotten a new phone and would like their phone number ported over to their new device. This attack, sometimes called SIM swapping, allows an attacker to also intercept two-factor authentication codes sent via text messages, allowing them to more easily break into online accounts. Read more.
What you can do
- Enable protection against phone number theft. Search to learn if your phone carrier supports a feature to disrupt SIM swapping. AT&T users, follow the instructions here to get started with Wireless Account Lock. T-Mobile users and Verizon users can similarly enable SIM swap protection from their respective websites or apps. If your phone provider does not offer this feature, you may also be able to ask a customer service representative to manually add a PIN to your account. Note that this isn’t bulletproof because they can still override your PIN.
- Use stronger two-factor authentication methods. If your phone number can be hijacked, so can the 2FA codes you use to log into websites. Read our guide to compare a few different methods and how to set them up.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
