If you have a cell phone, you are at risk as this scam is known as SIM swapping or SIM hijacking.
SIM swapping is where scammers will call your mobile carrier and convince the help desk that you need to get a new SIM card because you lost your phone or your SIM card broke.
If the scammer is successful in convincing the help desk, your cell phone service gets transferred to the attacker's SIM card, and then they are impersonating you from there on out.
Cary resident Mike Malloy almost lost $20,000 when he became a victim.
He says it happened when he was heading to lunch with friends.
"I looked at my phone. I had no signal, no bars. I reboot my phone nothing," Malloy said.
He thought it was a glitch, so once he got to work, he logged onto his computer, and all of a sudden he started getting email confirmations from his bank and ETrade about money withdraws.
He panicked as thousands of dollars were coming out of his accounts -- almost $20,000.
"My heart was in my throat as I was seeing this guy make these transactions, and it would show up...as it turned out...both of us were logged into the account at the same time," he said.
Andrew Hoog with NowSecure says scammers have enough information about you through social engineering or other data breaches to convince your mobile carrier to port your phone number to a new SIM card.
And once that happens, they can do a lot of damage.
"The way attackers monetize this is they are able to reset your passwords for your bank accounts, they are able to get into your social media accounts, and they are able to get into your primary emails accounts from there they have taken over your identity and can do pretty much anything they want," Hoog said.
Hoog says scammers find the victim to SIM swap through social engineering.
"There's an enormous amount of information they can get online, or they can buy online in the underground market," he said. "Once they have that information, they can call up and pretty much convince someone on the other end they are, in fact, you. Once they change that SIM card, they are now in control of your identity."
Hoog says the scariest part is that as a consumer, you will never know it happens until your phone goes dead.
Cell phone providers all say they have tools in place to prevent SIM hijacking, but the scam continues to happen, so you need to protect yourself.
Here are the Troubleshooter Takeaways:
- Set up email confirmation when it comes to your any of your accounts, whether it be financial, emails, or social media. You need to make sure a text to your phone number is not the only way companies validate it's you.
- Call your cell phone provider and add a unique pin number to your account that you must give to get access to your account.
- Also, be very careful about how much information you post online, scammers collect information and eventually have enough of a profile to convince someone they're you.