September 17, 2017  
 
Gaebler.com is a daily online magazine covering small business news. We help entrepreneurs transform ideas and innovations into greatness.

Small Business News for Entrepreneurs

 

Small Business Technology News

 

Simple Steps For Verizon To Fix Call Forwarding Hacks

Written by Ken Gaebler
Published: 8/11/2016

It seems that hackers can forward a Verizon cell phone easily and with impunity. But Verizon could easily minimize the damage with these three simple initiatives.

Hackers have forwarded my Verizon cell phone and used it to get activation codes from my bank.

Verizon Forgot Password

This happened back in February, and it seems they are trying again this month.

It's relatively easy to do this -- so easy that even the head of the CIA was a victim, as was Donald Trump.

The most effective method is social hacking. You just call Verizon support and with just a little bit of information and a good story, a hacker can convince a Verizon agent to forward your phone or give the hacker information that allows them to forward the call online.

Verizon lets you setup a PIN to protect your account, but the hackers say it's easy to find a service rep who won't ask you for it or who will let you verify your identity simply by giving them some other personal information that can be found out pretty easily.

Even after my Verizon hack and bank account hack earlier this year, when I went into a Verizon store, within minutes they were happily issuing me a new phone for my account without asking my PIN. When I called them on the mistake, they were very embarrassed and said "You're right, sir. What is your password?"

I also suspect that hackers have figured out how to trick the online code that Verizon wrote for call forwarding and forward any phone they want whenever they want. That program is:

https://ebillpay.verizonwireless.com/vzw/secure/services/CallForwardWS.action

In theory, you can only use that when you are logged into Verizon and you can only use it on your phone number. But a hacker's entry on a Pastebin page suggests it's been on hackers' radar for a while.

(As a quick side note, sites like Pastebin are popular with hackers because they can anonymously post data on Pastebin like credit card numbers and userid and passwords for email. You can see that on the page I referenced above and I only share it because the hackers already have had that info for a couple of years.)

Easy Steps for Verizon to Take to Mitigate Damage from Call Forwarding Hacks

Since cell phones are used to receive security activation codes from banks, Verizon call forward hacks are a bigger problem than you might realize. My hackers got bank activation codes while I slept simply by forwarding my phone. My bank called my phone at 3AM but I had no record of that since it went to the hacker's number. Next thing I knew my account was $9,000 lighter and the hackers had gotten away without being caught.

I have some deep respect for hackers' talents. But what is annoying is that Verizon could take some very simple steps to make it much harder to forward a Verizon number without the owner's consent. Here's all it would take:

  • Let Me Know When Somebody Calls Support About My Account -- Text me, call me and email me whenever a support request is made about my cell phone number. Similarly, when I log into Verizon, give me the means to see a history of all my calls or emails to support. Verizon, if you did this, I would know when somebody is hacking my account and it would at least put me on guard. Sure, really good hackers can stop me from getting the notifications, but it raises the wall just a little bit higher for them, to the point where they might look for easier targets.
  • Let Me Know When My Phone Is Forwarded -- Again, ditto the above. Text me, call me and email me whenever my cell phone number is forwarded, and let me see a record of call forwarding on my number when I log in online. Last time, I had to reach out to the CSO of Verizon to get his staff to investigate for me. It should not be that hard.
  • Let Me Permanently Disable Call Forwarding on My Account -- I have never ever had occasion to use this feature. I would love to not have it on my account at all. If you let customers turn it off, and made it very difficult for them to turn it back on, you'd certainly reduce the number of successful call forwarding hacks.

As mentioned above, hackers are very talented.

Verizon, the banks and others who have all of our data, money and secrets can never stop them, in my opinion.

But, as an outsider looking in, it doesn't seem like the Verizons of the world are aggressively pursuing extremely simple steps that could close gaping (and highly damaging) security holes.

Have Friends Who Might Like This Article?

Tweet via @gaeblerdotcom Share this on Twitter

Let them know on LinkedIn

Ready to Learn More? We Think You Might Like These Articles:

 


About Our Entrepreneur News

If you liked this small business news article, you can find plenty more like it on our site. We cover important news stories for entrepreneurs. In addition to breaking news for entrepreneurs, we also have tons of how-to articles that cover topics like getting business loans, preparing a marketing plan, getting publicity and much more.

 

 

Additional Resources for Entrepreneurs

Help for Native American Entrepreneurs

Resources for Gay Entrepreneurs

Businesses for Sale

Online Entrepreneur Tools

Economics

Lists of Small Business Incubators

Lists of Angel Investors