Phone number hijacking is a real problem, especially with cell phones, and thieves use it as part of an overall identity (and retirement fund) theft approach.
For those who didn't catch it, that's a somewhat "famous" phone number.
Neat tip: you can use your area code + this number in almost any system that asks for a phone number (especially useful supermarket "loyalty" customer tracking systems). If they ask for a name, just tell them "Jenny".
I was at the mall one day buying something. The cashier said “what’s your cell number?” My reply was “no”. They looked at me shocked and bewildered but the shock was all mine. Who in their right mind asks for a cell number from a shopper? Any time anyone asks me for phone number I just say “no”, seems to work.
I think the parent took the literal answer of “no” to be a bit terse, depends on how you read that example conversation. I doubt anyone is arguing it’s actually rude to refuse to provide a phone number, just to not be snarky when doing so.
If it’s uncomfortable to ask then don’t take my response personally. I don’t do it to be rude, just found this to be the most effective way of making a statement without saying much more - which is more likely to make the cashier upset given my resting tone.
Radio Shack used to always want a bunch of information from you for their database, whenever you would buy anything, cash or not. It was good training in refusing to participate in data harvesting that, 30 years after my first nervous "No", is more relevant and necessary than ever.
I'm not saying you should say yes to be agreeable. Just be polite but firm. I would say something along the lines of "I don't want to give out my phone number sorry." or even just shaking your head back and forth works.
"Do you have a phone number" "No" comes off as you being irritated and will make the staff member feel like a dick for just doing their job.
I'm not saying you must always be polite. If somebody is being a pushy asshole push back. However if you can take a few seconds to make a minimum wage drone not feel as bad about their job its well worth it.
> Neat tip: you can use your area code + this number in almost any system that asks for a phone number (especially useful supermarket "loyalty" customer tracking systems). If they ask for a name, just tell them "Jenny".
Do you actually do this? It hasn't worked for me most places I've tried it. In a couple cases it froze/crashed their system. I always wondered what people who legitimately have this number do.
Yep, I use it all the time at the area supermarkets (works with no less than four different chains).
I predict that someday soon, supermarkets will sell my food purchase history to insurance companies, so when I buy loads of vegetables and such, I use my real number. When I buy wine & bacon -- you guessed it: 867-5309.
Tip #2: They also link purchase records based on debit card account numbers. So pay cash.
Tip #3: if the number doesn't work for your area code, try it with a different area code. (the sysadmins sometime purge a number that is being used by loads of people.)
Also, if you need to provide a zip code, Beverly Hills 90210 works just fine.
> I predict that someday soon, supermarkets will sell my food purchase history to insurance companies, so when I buy loads of vegetables and such, I use my real number. When I buy wine & bacon -- you guessed it: 867-5309.
That won't help, your purchases can still be linked to yourself with your credit card.
If a shop or any service business, which has no business of having this information, asks me for phone # or ZIP code I advise them right straight to fuck off.
Since it's not the cashiers fault I make sure not do be hostile or rude to her / him, but I make it very clear that it's none of their business and if they absolutely insist on it I walk away.
Preemptively: "Nothing-to-hide" folks don't live in transparent houses, wear clothes and don't tell their passwords to everyone they meet. Everyone has something to hide or they're dishonest. Information equals opportunities for attack... Publisher's Clearing House and other "contest" identity prostitution scams... no way.
I always use 312-836-7000, which is the CTA's customer service number. It stuck in my head from years of bus commuting in Chicago. It most recently worked for me as a loyalty card at a Safeway in Mountain View, so I'm apparently not the only one with this number stuck in their head. But not enough people know it for it to be flagged. (Never tried it when I lived in Chicago, interestingly. There it might be more widespread.)
Are there any SIM card providers in the US or Europe that provide strong identification on Phone number porting? Such as requiring a password or physical identification?
Many do, until an employee decides the number needs to be ported anyway. There is always an "override" feature / method to overcome these measures.
Telecoms are thin margin business and every human check or technical security measure will be rejected until customers start leaving, mentioning a particular issue. Problems with porting, S7 weaknesses, number spoofing and other anoyances is that you will be hard pressed to find an alternative operator that actually protects for these risks simply because they cost money and in the end only few customers are willing to pay the 10% a month extra.
You don't even need to forge the paperwork if you work at a telco. Create the number port request in NPAC, wait for the confirmation timeout, and activate the number port. The timeout depends on the two carriers but it's generally a day or two.
Banks are starting to support opening accounts and credit cards using phone carrier data for authentication. A majority of application data could be auto-filled using only a phone number and billing zip code. The effort for convenience in applying actually could open a lot of people to potential fraud (which the banks won't materially feel) and serious financial damage.
It sounds more like lack of law enforcement is the problem. In any sane society, law enforcement would have to authority to rain down like holy hell on people like this.
I get the impression that in the United States, regulation to shift fraud liability to the banks, and away from the individual customers, is more effective than relying upon law enforcement.
If someone breaks into my home and steals my stuff, I may hope for law enforcement to catch those responsible. I have no expectation that my property would be returned to me.
Thinking through this analogy, property-theft insurance is affordable because law enforcement is effective where I live, and I am expected to maintain reasonable precautions against theft.
I don't know how to prevent my phone number from being used without my permission. So I don't know how to apply law enforcement as a remedy.
> If someone breaks into my home and steals my stuff, I may hope for law enforcement to catch those responsible.
Dream on. In most US jurisdictions, property crime is very low priority for law enforcement. Even if you have cameras recording the thieves in action, LE might create a report but they will probably not investigate the crime at more than a superficial level.
Law enforcement in the US is primarily focused on clearing "moral" crimes or things that make their departments money. Things like murder, drug use, prostitution, and domestic violence are high targets because they are "easier" to police than things like theft. Some police departments are also funded by monies they can just take from people under "suspicion" that someone was going to commit a crime using civil asset forfeiture. Good luck ever getting that money back. Just watching a show like LivePD in the US you'll see that while there are a ton of absolutely amazing and dedicated law enforcement officers out there, there's also those who completely treat people like dirt and take every opportunity to lie or intimidate people into confessing to crimes.
That assumes the world is fair. From my experience, it's not.
I would fully expect if I did this for it to be one of the few times they actually caught it (and possibly because he the original complaint caused specific flags to be put on one or the other of the accounts...)
Not necessarily. It is entirely possible to force-port a number by faking a letter of authorization as OP described. When I worked in telco, I did LOA-based paper ports at least twice a month for customers whose losing providers were being jerks* about not coughing up approval. The number port database admin at the time only required that I tick a box on an electronic form certifying that I had written authorization from the customer to force the port and upload a PDF. The losing carrier could do nothing to stop the port.
Your Google account security actually means relatively little here for a determined attacker. Sure, it prevents the takes-only-a-few-minutes automatically-approved ports (which, yes, is what roughly 90% of attackers are going to go for) so you're excluded as low-hanging fruit but Google is not itself a telco and doesn't host the phone numbers directly on its infrastructure so it can't do much to harden against this kind of attack.
* (A certain wireless provider that used to be a three-letter acronym and is now fairly low in the alphabet was notorious for refusing ports when wireless number portability first started.)
I filed an FTC complaint and they couldn’t have cared less.
Phones are a broken system.