DIY

Here's An Unexpected Way To Protect Yourself From Getting Hacked

If you have two-factor authentication enabled, do this immediately.

Posted on

That's what happened to Black Lives Matter activist Deray Mckesson, whose Twitter account was hacked this week.

By calling @verizon and successfully changing my phone's SIM, the hacker bypassed two-factor verification which I have on all accounts.

They didn't need the passwords up front. They changed the SIM, reset the passwords, got the codes, reset passwords. https://t.co/oAT8MmjgnE

Hackers were able to break into the account, even though it was reinforced with two-factor authentication.

They simply needed to last four digits of my social security number to gain full access to my @verizon account. https://t.co/EHTJhkTQE3

With the last four digits of Mckesson's Social Security number, they were able to gain full access to his Verizon account and changed the SIM, which redirected texts to a different device.

The hackers didn't even need his account's passwords. They could simply reset passwords to trigger two-factor authentication.

If you use two-factor authentication, there's an easy way to prevent this type of hack.

In a blog post, the FTC's Chief Technologist Lorrie Cranor described how you can add an extra layer of security with your mobile carrier.

Verizon

You can prevent someone who is trying to impersonate you online by enabling a four-digit billing password by calling customer service at (800) 922-0204 or visiting a retail store.

T-Mobile

You can request to use a "customer care password," which is an additional password required to gain access to your T-Mobile account over the phone.

T-Mobile will text you a PIN number, then prompt you to provide that PIN number to a representative before creating the customer care password.

To enable this feature, call customer service at (877) 746-0909.

Sprint

You're good! Sprint already requests that customers set a PIN, along with security questions, when they sign up.

AT&T

You can add extra security from the myAT&T app or the AT&T mobile site.

Go to Menu > Profile > Login Information. Scroll down and tap Manage wireless passcode, then check Extra security.

Extra security requires an additional passcode when you attempt to get online access to the account, discuss the account in any retail store, or call AT&T's customer service line.