Stop fraudsters from hijacking your mobile devices

It’s important to take these steps, so we don’t fall victim to a mobile device takeover—and know what to do if our number does get “hijacked.”


As a financial firm, we are on the frontlines fighting cyber fraud and protecting clients from hackers. Lately, we’ve been seeing an increase in mobile device takeovers.

What is a mobile device takeover? 

Also known as “phone hijacking” or a “SIM swap attack,”[1] a mobile device takeover is when fraudsters take over a mobile device without having to steal the device physically. Instead, they steal your phone number by tricking your cell phone service provider into transferring your phone number to their new device. Your cell phone number has been hijacked. And all the fraudster needed was a fake ID and maybe some answers to your security questions.

The fraudster then gets all your phone calls and text messages. What may be worse: The criminal also is able to reset passwords on accounts that have your number listed for password recovery purposes. The fraudster, not you, will get the one-time verification code sent to allow a password reset. 

One of our clients, Bruce, experienced firsthand a breach in cell phone security:[2]

His phone was working fine while he was at an airport waiting to board a three-hour flight. After the flight, Bruce checked his phone and was surprised to see he had no new messages. He wanted an Uber to get home, but was unable to access that app. He tried to call his wife and wasn’t able to make the call. 

In the short time Bruce had been in the air, a fraudster managed to transfer $20,000 out of his bank account.    

What does Bruce do now? 

He must immediately contact his service provider and bank. Time is crucial for the recovery process. The service provider should diagnose the extent of the compromise and take steps to protect Bruce. The bank also should immediately begin its recovery and mitigation processes, which include trying to recapture lost funds and renumbering any compromised accounts.

But there is much Bruce might have done long before he was forced to take these measures.

Here is what we all can do now to protect ourselves from mobile device takeover attacks. The keys to preventing phone hacking are to know how to spot fraud, create layers of verification, and protect your identity generally.

Your cell phone security checklist

Spot fraud.  

  • Pay close attention to cell phone service disruptions. Bruce was on an airplane, so he didn’t notice a disruption of his service until the damage was done. But if you are unable to receive calls or text messages in a location that normally permits such service, take note. If the disruption lasts 20 minutes, call your mobile phone carrier immediately. 

Create layers of verification.

  • Add a verbal password to your mobile service account. Contact your mobile device provider immediately to do so.
  • Enable multi-factor authentication for all online accounts, if offered by the mobile service provider. Enable your device to automatically lock itself after a period of inactivity.

Protect your identity. 

  • Protect all mobile devices and tablets with your fingerprint or facial recognition technology whenever possible. If these security features are not available, use strong, complex passwords.
  • Avoid using the same PIN for multiple devices.
  • Avoid answering calls from unknown individuals. Be wary of impersonators attempting to deceive you into divulging information or taking action on a financial account.
    • Verify callers before providing any information. If you are unsure, call the business on a known number. For example, if you receive a call from JPMorgan Chase, call the number on the back of your card, or call your J.P. Morgan representative before providing any information.
    • Never provide your full card number, PIN or one-time authentication passcode to an unknown caller, even if the caller claims to be from J.P. Morgan.
  • Install anti-virus software on your mobile device and activate automatic updates to ensure the devices remain protected.
  • Before trading in an old device, erase any personal information it may contain by resetting it to its factory settings.

We can help 

As soon as you think you may be a victim of a cell phone security problem—or any other type of fraud—contact your J.P. Morgan representative. Our teams work around the clock and will start the recovery process immediately, and work with you to recover lost funds. 

[1] SIM is an integrated circuit known as the subscriber identification module (aka SIM card) that is intended to store, securely, your international mobile subscriber identity number and its related key. These are used to identify and authenticate subscribers on mobile devices.

[2] All case studies are based on real-life stories but have been altered to preserve privacy and confidentiality. Any name referenced is fictional and may not be representative of other individuals’ experiences. Information does not guarantee future results.

Important Information

The information within this webpage is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided is intended to help clients protect themselves from cyber fraud. It does not provide a comprehensive listing of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization is responsible for determining how to best protect itself against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.

