It’s easier than you might think. Phone numbers can be found anywhere – thanks in part to so many data breaches.
Often, hackers will find the cell phone number of their target floating around the internet (or from a phone bill in the garbage), and call up their carrier impersonating the customer. With a few simple questions answered — often little more than where a person lives or their date of birth, they ask the customer service representative to “port out” the phone number to a different carrier or a SIM card.
That’s it. As soon as the “port out” completes, the phone number activates on an attacker’s SIM card, and the hacker can send and receive messages and make calls as if they were the person they just hacked.
In most cases, the only sign that it happened is if the victim suddenly loses cell service for no apparent reason.
From there, it’s as simple as initiating password resets on accounts associated with that phone number. Facebook, Gmail, Twitter — and more. A hacker can use your hijacked phone number to steal all of your cryptocurrency, take over your vanity Instagram username or maliciously delete all of your data.
You can read what happened to TechCrunch’s own John Biggs when his phone number was hijacked.
In the worst cases, it can be difficult or impossible to get your phone number back — let alone the accounts that get broken into. Your best bet is to make sure it never happens in the first place.