You’re probably familiar with terms like “identity theft” and “online fraud,” which are just shorthand ways of describing instances where a fraudster attempts to gain access to or misuse a person’s information (such as by opening new credit accounts or taking over an existing account). These fraudulent activities can potentially be very harmful. That’s why everyone should be aware of common fraud schemes, know how to take simple steps to help protect their online security, and know how and where to get help if they need it.
Common Fraud Schemes
Never underestimate what fraudsters can do or what they will try. For example, a fraudster might attempt to log-in to an online account (such as a T-Mobile account, bank account, or email account) using passwords compromised from a breach of some other online account – assuming the potential victim has re-used the compromised password for multiple accounts. Similarly, the fraudster might simply try to obtain the password directly from the potential victim or the account provider through various techniques, such as:
- Phishing or SMShing: A technique where fraudsters send an e-mail or text message that appears to be from a legitimate source to con individuals into providing personal information (e.g., email address, passwords, etc.) directly, or by visiting a bogus website. T-Mobile will never ask you to confirm or verify your sensitive personal information in an unsolicited e-mail or text.
- Infected Malware, Apps, Etc.: A technique where fraudsters con individuals into visiting a website or downloading an app, malware software, or other download that appears to be from a legitimate source. Once the malware is on the device, it collects personal data.
- Pretexting: A technique where a person poses as someone else to gain access to account information. One common pretexting scheme involves impersonation based on information the fraudster knows about the potential victim.
- Man-in-the-middle attacks: A technique generally involving a fraudster’s interception of information intended for someone else. This might occur in connection with other techniques mentioned. For instance, the interception might occur through malware the fraudster placed on your device. Or it might occur as a result of a phishing effort that leads you to a fake website that looks like a legitimate site (e.g., your bank’s website) and that captures credentials you intended to enter on the legitimate site.
There are many simple steps you can take to help protect yourself online – whether on your T-Mobile account or on other accounts. Although there is no way to completely ensure online safety, some things to consider are:
- One of the best ways to protect yourself from online fraud is to always remain vigilant and monitor your online accounts, bank statements, and credit report on a regular basis for unauthorized activity.
- Learn how your online accounts work and take charge of your security settings. For example, understand how your identity is authenticated by the applications and online platforms you use and what choices for authentication are made available to you.
- Password Security: Use strong passwords with a combination of letters, numbers, and special characters for your T-Mobile ID and other accounts. Change your passwords periodically and anytime there is even a hint of misuse. Do not reuse passwords you’ve used for other sites. Do not give others your passwords or provide them via phone or email. To re-set your T-Mobile ID password: https://support.t-mobile.com/docs/DOC-5944 To reset your Customer Care Pin/Passcode: https://support.t-mobile.com/docs/DOC-37477 To reset your Voicemail password: https://support.t-mobile.com/docs/DOC-1171#fourthheading
- Two-Step Verification: Apply two means of identification on accounts where you can, including on your My.T-Mobile.com account. To add two-step verification to your My.T-Mobile.com account visit: https://support.t-mobile.com/docs/DOC-2727#heading4 For other accounts, review the security options offered by the account provider.
- SIM Security: Place a security PIN on your Universal Integrated Circuit Card (UICC) in your T-Mobile device. Your UICC contains your Subscriber Identity Module (SIM) card and is primarily used to authenticate a phone on the network and can be used to store subscriber-related information including phone numbers, service details, and in some cases, text messages. In the event your device is lost or stolen, a SIM PIN can protect the SIM in your device from being re-used in another device by requiring confirmation of the correct PIN. To set a UICC security PIN: https://support.t-mobile.com/docs/DOC-7756#sim_pin
- Report Lost/Stolen Devices: To prevent unauthorized access to a lost or stolen T-Mobile device, suspend your account as soon as possible. We recommend using Android Device Manager, Find My iPhone, iCloud, or Lookout to remotely lock, locate, or wipe your device. To suspend your T-Mobile account: https://support.t-mobile.com/docs/DOC-1211 or call Customer Service at 611 (from a T-Mobile phone) or 1-800-937-8997 (from any phone).
- Report Suspected SMShing/Phishing: Never confirm or verify your sensitive personal data or account information in response to an unsolicited e-mail, text, or inbound call. T-Mobile will never send you a request for such information, and you should only provide such information to T-Mobile or any other account provider when you have initiated the contact to a known, reliable contact number or address. Report any suspicious emails or SMS messages that appear to be from T-Mobile. Attach a copy of the suspicious messages in an email to Privacy@T-Mobile.com so we can investigate. If our company name or brand is used in efforts to fraudulently obtain personal information, we will work aggressively to halt those activities.
- Anti-Malware Software: Always keep your anti-malware software up-to-date by allowing the software to update its file of known issues (called signatures). To download McAfee Security for T-Mobile or Metro by T-Mobile: https://tmobile.mcafeemobilesecurity.com/
- Wi-Fi Security: Be cautious when using public Wi-Fi. Most public Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure. Avoid sending passwords, credit card numbers, or other financial information over a public Wi-Fi network and only visit secure websites containing a URL that starts with “HTTPS://”. If you are using your smartphone, tablet, or PC as an access point for other devices to connect to the Internet, always enable Wi-Fi Protected Access (WPA): https://support.t-mobile.com/docs/DOC-14950
If you believe you have been impacted by any form of online fraud, you may want to:
- Call your account providers, including your financial institutions and wireless provider, change your passwords, and take additional steps they may recommend.
- File a report with the FTC.
- File a police report with your local authorities.
- Place a fraud alert on your credit report with one of the three credit bureaus - which will place the alert on all three bureaus (or consider placing a credit freeze – which requires that you place the freeze on all three bureaus separately) - at Experian, Equifax, and TransUnion.
- Report unauthorized account activity directly to the companies where you believe fraud has occurred. To report unauthorized T-Mobile activity, immediately contact Customer Care by dialing 611 from your T-Mobile phone or 1-800-937-8997 from any other device. T-Mobile will fully cooperate with any investigation undertaken by law enforcement. For legal document requests, please forward a subpoena or court order to: T-Mobile Law Enforcement Relations Group 4 Sylvan Way Parsippany, NJ 07054 Fax: 973-292-8697
- File a FACTA Request. Under the Fair and Accurate Credit Transactions Act (FACTA), you have a right to access and receive information related to suspected identity theft. To obtain this information from T-Mobile, you must send us the following items: (1) a copy of a police report that has been filed regarding the identity theft; (2) a completed FTC or T-Mobile affidavit; (3) a copy of a state-issued picture ID or driver’s license; and (4) a letter requesting the specific documentation in writing. Most frequent requests include copies of bills, credit applications, or shipping requests. Please note, copies of video surveillance require a legal document request. Please mail or fax a copy of each of these to the following address or fax number:
Attn: Fraud Management/FACT
12819 SE 38th Street #89
Bellevue, WA 98006
Fax: (813) 353-6262
There’s a lot of great information available from government agencies and others about identity theft and online safety. A few sites we recommend include: