If you haven’t changed your cell carrier account PIN in a while, particularly if you have T-Mobile, now is the time to do so. That PIN is oftentimes the only proof of identity required to change your cell phone service from one physical mobile device to another.

If it’s been a little while, go change your cell carrier account PIN now, before finishing this article. Stop using digits from your birthday, cell phone number, address, SSN, etc., and change it to something complex, unrelated to your life, and as long as possible. Too often, these PINs are extremely easy to guess.

What happens when a scammer guesses it? As an IT support company, we find it our responsibility to break it down for you, step by step.

Step 1: After getting in via the PIN, scammers can take over your phone, making your actual phone obsolete.

Step 2: Now that they have your phone, they can access any of your online services that have SMS 2FA enabled. (Not to mention anything automatically viewable on the phone, such as emails, notes, text messages, photos, etc.)

Step 3: If you’re not automatically logged into your email on your phone already, they can simply claim to have forgotten your email password, which will lead to your reset code being texted to your number. Then, they’ll have email access.

Step 4: They’ll change your email password, locking you out.

Step 5: With email access to hacking into accounts you use on a day-to-day basis, they can select “Forgot Password” to every other online service, change the password via the emailed link, and lock you out.

  • Going off of this, here are a couple of things to consider:
    • If you utilize a password manager and have SMS account recovery/2FA enabled (We don’t suggest using SMS for any security measure if you can help it.), they can gain entrance to all your logins in one clean swoop.
    • If you enable your browser to store all your logins (which we highly discourage), they can easily log in on the same make and model browser and sync your settings, history, and passwords, allowing them to scroll thru, access, and edit a wide range of accounts. This could very easily include logins for work…

It’s time to start thinking critically about the amount of information your phone carries about you. Think of all the cloud-based information about you, right behind an easily hackable login…Thankfully, United States-based cell carriers have realized this in recent years and are putting enhanced security in place. To learn how to enable those settings, click here. This article has instructions for Verizon, Sprint, AT&T, and T-Mobile.

As mentioned before, if you have T-Mobile, it is of UTMOST importance that you change your pin. When they encountered a data breach in mid-August, account PINS were one of the many nuggets of information the hacker got about T-Mobile users. To learn more about that breach, go here. If you’d like IT support services to help navigate that mess, contact us here.