Identity Theft Prevention from Cell Phone Call Records for Sale
Here's an important update to a previous, related
article on cell phone data and identity theft.
A common method for obtaining cell phone records known
as "pretexting," involves a data broker pretending to
be a cell phone's owner and tricking the wireless
phone provider into providing private calling
information without your consent or knowledge.
This tricking of a wireless service company is known
Pretexting for financial data is illegal, but laws
evidently do not cover it's use for fraudulently
obtaining wireless phone records. Unfortunately,
there are as many as 40 separate
data brokers who traffic private calling record
information. Of that group, there's a few of those
firms who even claim on their websites the ability to
secure your information in as little as 2 hours of a
request by any unauthorized individual willing to
supply credit payment via their on-line form.
In a story reported last week, the FBI ran a test
against one of those data brokers known by their
commercial website, Locatecell.com. The FBI paid
Locatecell.com $160 to buy the records for an agent's
cell phone and received the list within three hours.
So, beyond the compromise of the FBI agent's cell
phone calling & billing information, this data broker
placed any confidential sources recently called by the
FBI also at risk.
Imagine, other unlikely identity thieves having
unauthorized access to your cell phone records and the
damage which could be done:
- Employers can check whether a worker is calling a
competitor, perhaps looking for a new job.
- Suspicious spouses can see if their husband or wife
has been calling a paramour lately.
- Or, how about the stalker who just wants to
harass or track down his next victim using wireless
call records in sort of a sick version of social networking.
If on-line data brokers are acquiring their information
by accessing customers on-line accounts, they might
also have access to the individuals billing address, credit
card information, and even their social security number.
These pieces of personal information are so often used in
security verification for other services that possessing this
data would put the on-line data broker in complete
control of the individuals electronic identity.
As for as we've been able to uncover, there is NO
consumer disclosure requirement for the wireless
companies to notify you if an unauthorized person
(e.g, the "identity thief") gained access to your
personal information due to a security breach.
This lack of a consumer disclosure requirement
stands in contrast to the financial services industry.
So, our tip for today is to take steps to protect your
privacy with your wireless provider:
- Change the often times standard account password,
consisting of the last 4 digits of your social
security number (SSN), to something much more obscure
- Establish a secondary account security password in the
form of a personalized question and answer only known
We researched this option with a leading wireless
provider recently and found their service representative
very helpful in quickly instituting the changes. In that
instance, we learned not only could you institute a customized
secondary security question with an answer consisting
of least 20 alpha numeric characters, but that this action
also instantly takes effect in the form of a "special alert" flag
through out that wireless provider's customer service
Thus, anytime anyone is attempting to access that
particular wireless subscriber's record, the customer
service representative recieves a bold, blinking notice on
screen to request two sets of authentication from the
caller attempting to gain access.
Finally, we would recommend you change your account
passwords on at least a quarterly basis.