Mar 10, 2016, 06:43AM

Hackers Are the New Pickpockets

Experiencing a certain amount of fraud is an inevitable part of life. 

Rsz mobile phone security.jpg?ixlib=rails 2.1

I say this with love: my mother is one of the least tech-savvy people around. She still uses a flip phone, and to her, a phone is just a phone. Hers is capable of more than she uses it for, but she’s never been able to pull it off. So when her phone stopped calling out, she was in a bit of a panic.

About two weeks ago, I picked her up from work and she was very confused by the strange recorded message that kept playing when trying to call me: “Your call cannot be completed as dialed. Please power down your phone and restart it before making another call.”

Because the only person my mother had tried to call at that point was me, and we’re on a shared plan, I suggested she try calling her sister to see what would happen. When she did, she got the same message. After that, we followed the instructions—powering down her phone and then restarting it. Again, she tried calling me, then my aunt, getting the same message each time.

I wasn’t sure what to do, but my mother insisted on going back to the service provider’s store to see what they could find. I honestly wasn’t crazy about this idea, if only because I view cell phone salespeople as the one group that managed to usurp used car salespeople as the lowest form of retail life. But I didn’t have any ideas myself—she certainly wasn’t in a position to call customer service.

We were fortunate to get a very patient and knowledgeable salesman named Derrick, who upon determining that my mother’s account was current, delved deeper into her service plan and found the problem. Instead of being registered to her dinky little flip phone, my mother’s phone number was essentially stolen and now registered to a big fancy iPhone that neither of us own. He immediately got on the phone with the company’s fraud department, who then put us on hold. While we were holding, Derrick gave us a heads-up on the sort of billing mayhem to expect with this over the next few days—upgrade fees, smartphone fees, and the possibility of other use charges.

Once Derrick and my mother were able to speak directly with the fraud department, it was a pretty straightforward fix. Derrick just needed to replace the SIM card in my mother’s phone and the fraud department restored her phone number back to the phone. This was the easy part—the billing did get crazy.

My mother has figured out how to read text messages on her phone, but hasn’t learned how to send them. The cell phone company sent her a text message informing her of $150 in new charges added to her account relating to the aforementioned potential fees. This was more money than we anticipated. My mother thought she could get the fees reversed by simply calling customer service herself. Once again, going to the store proved to be easier.

Derrick was able to get a conference call together consisting of the store, fraud department, and billing department. Upon sorting out the bureaucratic mess, not only were the fees charged for the hijacked phone reversed, my mother was also given a “convenience fee refund” of $75, so our following bill is only about 30 percent of what it normally is.

We’re very happy that my mother’s tale of phone fraud had a fortunate ending. But I couldn’t help wondering how common having one’s phone number hijacked was. When I looked up “phone scams” on the website of the Illinois Attorney General, I found that all the information is largely centered on scam artists calling people, and finding ways to separate them from their cash. On another page listing consumer complaints, identity theft and “telecommunications” are listed as the second and third most common consumer complaints. So I called the hotline number to see what I could find. After holding for 12 minutes, I eventually got through. According to the person I spoke with, the Attorney General’s office only takes complaints; since my mother’s odd case of phone hijacking was already resolved, there was no reason file a complaint.

Not satisfied with that answer, I decided to see what the Federal Communications Commission had to offer. After some digging around, I found a pdf page that finally provided an answer as to what actually happened: “Every cell phone is supposed to have a unique factory-set electronic serial number (ESN) and telephone number (MIN). A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another (legitimate) cell phone. Unscrupulous people can obtain valid ESN/MIN combinations by illegally monitoring the radio wave transmissions from the cell phones of legitimate subscribers. After cloning, both the legitimate and the fraudulent cell phones have the same ESN/MIN combination and cellular systems cannot distinguish the cloned cell phone from the legitimate one. The legitimate phone user then gets billed for the cloned phone’s calls. Call your carrier if you think you have been a victim of cloning fraud.”

Because service on my mother’s phone went out so obviously on the same day it was cloned, I guess it was a fairly quick and easy to resolve. The question now becomes preventing this in the future. The simplest advice is just locking your phone with a PIN number, and I suppose keeping your phone in “airplane mode” when you’re not using it in public might be a preventative measure. However, phone cloning is so obscure that I can’t say in good faith that this is useful advice, let alone the best advice, just the most relevant.

My takeaway from all this is that experiencing a certain amount of fraud is an inevitable part of life. As technology changes and evolves, the scam artists are changing and evolving with it. Hackers are the new pickpockets. 


Register or Login to leave a comment