I am not a big fan of Google and I try to avoid them at all costs due to privacy concerns. However, they do offer a free VOIP phone number with their Google Voice service that can be very helpful. There is a somewhat new scam that has been going on for a few years now that allows hackers to gain access to your accounts using your phone number.
What is 2FA?
Most of us these days know to use a unique randomized strong password for each of our accounts and have also probably begun to implement two-factor authentication (2FA). 2FA is when you try to log in and the service says they are sending you a code to your phone as an added security feature. These are two factors used to authenticate you in that you need (1) your password, and (2) your physical phone to receive the code.
What is the Hack?
Hackers can still find ways to access your password and login info but they need your phone for the authentication. Well, some hackers have begun to call your phone service provider and through the use of social engineering are able to convince the customer service representative to activate a new sim card with your number as if the hacker is you. This gives hackers about 24 hours or so to have full access to your phone number and any text messages sent before anyone realizes what happened. By this time the hacker has accessed your account and changed all security features and login info to prevent you from regaining access. This is known as “sim swapping”.
Using Google Voice to Protect Yourself
To help protect from these attacks, you can use an authentication app such as Authy to provide those one-time passwords instead of receiving a text. Unfortunately, some services do not provide the capability to use these apps and require a phone number only. Many online banking sites still only use phone numbers for authentication.
Google allows its users one free phone number that can be used for calls and texts through their app. You can have the text messages sent to this Google Voice number forwarded to an email address on your phone instead of downloading the app. Using this number for your authentication prevents hackers from doing sim swapping on your number since it is not tied to your sim card. Be sure to lock down your Google account and email using strong unique passwords and 2FA.
The podcast Reply All did an episode on a girl named Lizzie that had her Snapchat user account stolen by sim swapping and they found the hackers and talked to them on how they did it. You can listen to the Reply All episode #130 The Snapchat Thief here.