ONLINE SAFETY

Resources for identity theft and internet fraud prevention.

You’ve probably heard terms like “identity theft” and “online fraud,” which are shorthand ways to describe when someone attempts to gain access to or misuse a person’s information—such as opening new credit accounts or taking over an existing account. These fraudulent activities can be harmful. To protect yourself and your data, you can familiarize yourself with common fraud types, the simple steps you can take to protect your online security, and how to get additional help if you need it.

Common fraud
types

Safety tips

Safety tools

Help & resources

Common fraud types

Fraudsters will try anything to gain access to your information. For example, they might attempt to log in to an online account (such as a T‑Mobile account, bank account, or email account) using passwords they obtained from another source (like a breach of some other online account). Similarly, they might try to obtain the password directly from the potential victim or the account provider through various techniques, such as:

Phishing or SMShing

Fraudsters send an e-mail or text message to con someone into providing personal information (e.g., email address, passwords, etc.) directly or by visiting a bogus website. T‑Mobile will never ask you to confirm or verify your sensitive personal information in an unsolicited e-mail or text.

Malware

Fraudsters con someone into visiting a website or downloading an app, malware software, or file that appears to be from a legitimate source. Once the malware is on the device, it collects personal data.

Man-in-the-middle attacks

A technique involving interception of information intended for someone else. This might happen in connection with other techniques. For instance, the interception might occur through malware the fraudster placed on your device, or as a result of a phishing effort that leads you to a fake website that captures information you intended to enter on a legitimate site.

Pretexting

A person poses as someone else to gain access to account information. One common pretexting scheme involves impersonation based on information the fraudster knows about the potential victim.

Account takeover schemes

A fraudster tries to transfer your phone number to a device they control. This generally happens either by switching your phone number to another carrier or changing the SIM card assigned to your phone number.

Customers have legitimate reasons to do both—for example, you may need to change your SIM card if you lose your phone. But fraudsters try to misuse these functions to gain control of your phone number and impersonate you, which may help them access your online accounts (like email and online banking). Find more information here.

Safety tips

There are many simple steps you can take to help protect yourself online—whether on your T‑Mobile account or other accounts. One of the best ways to protect yourself from online fraud is to remain vigilant and monitor your online accounts, bank statements, and credit reports regularly for unauthorized activity. Learn how your online accounts work and take charge of your security settings. For example, understand how the applications and online platforms you use authenticate your identity and what choices you have for authentication.

There’s is no way to completely ensure online safety, but here are some considerations:

Password security

Use strong passwords with a combination of letters, numbers, and special characters for your T‑Mobile ID and other accounts. Change your passwords periodically and anytime there is even a hint of misuse. Don't reuse passwords you’ve used for other sites. Don't give others your passwords or provide them via phone or email.

Reset your T‑Mobile ID password here.
Reset your Customer Care Pin/Passcode here.
Reset your Voicemail password here.

SIM security

Place a security PIN on your Universal Integrated Circuit Card (UICC) in your T‑Mobile device. Your UICC contains your Subscriber Identity Module (SIM) card and is primarily used to authenticate a phone on the network. Your UICC can be used to store subscriber-related information, like phone numbers, service details, and, in some cases, text messages. If your device is lost or stolen, a SIM PIN can protect the SIM in your device from being re-used in another device by requiring confirmation of the correct PIN.

Set a UICC security PIN here.

Report suspected phishing or SMShing

Never confirm your sensitive personal data or account information in response to an unsolicited email, text, or inbound call. T‑Mobile will never send you a request for such information, and you should only provide that information to T‑Mobile or any other account provider when you have initiated contact to a known, reliable number or address.

Report any suspicious emails or SMS messages that appear to be from T‑Mobile. Attach a copy of the suspicious messages in an email to Privacy@T‑Mobile.com so we can investigate. If our company name or brand is used in efforts to fraudulently obtain personal information, we’ll work aggressively to halt those activities.

Wi-Fi security

Be cautious when using public Wi-Fi. Most public Wi-Fi hotspots aren’t secure enough and don’t encrypt the information you send over the internet. Avoid sending passwords, credit card numbers, or other financial information over a public Wi-Fi network and only visit secure websites containing a URL that starts with “HTTPS://”. If you’re using your smartphone, tablet, or PC as an access point for other devices to connect to the internet, always enable Wi-Fi Protected Access.

Two-step verification

Apply two types of identification on accounts where you can, including on your My.T‑Mobile.com account. Add two-step verification to your My.T‑Mobile.com account here. For other accounts, review the security options offered by the account provider.

Report Lost or stolen devices

To prevent unauthorized access to a lost or stolen T‑Mobile device, suspend your account right away. Log into My.T‑Mobile.com or call Customer Care by dialing 611 from your T‑Mobile phone or 1-800-937-8997 from any other device. Then use Android Device Manager, Find My iPhone, iCloud, or Lookout to remotely lock, locate, or wipe your device.

Find a detailed lists of steps to take here.

Anti-malware software

Always keep your anti-malware software up to date by letting the software update its file of known issues, called signatures.

Download McAfee Security for T‑Mobile or Metro by T‑Mobile here.

Safety tools

Along with following online safety tips, there are additional ways to protect yourself and keep your personal data secure. T‑Mobile offers safety tools provided by T‑Mobile that help with preventing account takeovers, spam calls, and more.

Account Takeover Protection

Account Takeover Protection, a free feature for T‑Mobile, T‑Mobile for Business, T‑Mobile Postpaid, and Sprint customers, adds protection steps before your phone number can be ported to another carrier. See how.

Scam Shield™

Prevention is key in protecting yourself from scams. T‑Mobile's Scam Shield gives you the tools to stop scammers from ever contacting you with protections like Scam Block and Caller ID. See how.

PROXY™ by DIGITS

PROXY gives you an extra number to use when you don’t want to share your private phone number. Calls, voicemails, and texts are accessible any time in the DIGITS app. Visit the Scam Shield website to learn more.

Number Change

You can change your phone number—for any reason—up to one time per year at no extra charge. Visit the Scam Shield website to learn more.

Help & resources

If you believe you’ve been impacted by any form of online fraud—including an identity theft incident or a data breach of your personal information—you should:

File initial reports

Call your account providers, including your financial institutions and wireless provider, change your passwords, and take additional steps they may recommend.

File a report with the FTC.

File a police report with your local authorities.

Check with your state Attorney General for resources particular to your state.

Place a fraud alert on your credit report

Contact one of the three credit bureaus—Equifax, Experian, or TransUnion. Whichever bureau you alert will notify the other bureaus of your fraud alert. Also consider placing a credit freeze—which requires you to contact all three bureaus separately—or a credit lock. Both prevent others from taking out credit in your name without your knowledge. Find more information through Equifax, Experian, or TransUnion. See how.

Report unauthorized account activity

Report directly to the companies where you believe fraud has occurred. To report unauthorized T‑Mobile activity, immediately contact Customer Care by dialing 611 from your T‑Mobile phone or 1-800-937-8997 from any other device.

T‑Mobile will fully cooperate with any investigation undertaken by law enforcement. For legal document requests, please forward a subpoena or court order to: T‑Mobile Law Enforcement Relations Group, 4 Sylvan Way, Parsippany, NJ 07054. Fax: 973-292-8697

File a FACTA request

Under the Fair and Accurate Credit Transactions Act (FACTA), you have a right to access and receive information related to suspected identity theft. To obtain this information from T‑Mobile, you must send us the following items:

A copy of a police report that has been filed regarding the identity theft
A completed FTC affidavit
A copy of a state-issued picture ID or driver’s license
A letter requesting the specific documentation in writing

Most frequent requests include copies of bills, credit applications, or shipping requests. Please note, copies of video surveillance require a legal document request. Please mail or fax a copy of each of these to the following address or fax number:

T‑Mobile
Attn: Fraud Management/FACT
PO Box 90880
Allentown, PA 18109

Fax: 813-353-6262

Additional resources

There’s a lot of great information available from government agencies and others about identity theft protection and online safety. We recommend:

Explore more resources.

Learn about T‑Mobile's data-collection practices.

Go to data transparency

See how you can manage your data-sharing preferences.

Go to data-sharing