Friday, 16 May 2025

Warning: Marks & Spencer cyber hack - hackers now have all my customer details!

I received this email yesterday from M&S about the 'cyber incident' they suffered recently (although it seems they knew since Feb. 2025!).

It says that criminals have obtained my 'contact details, date of birth and online order history' and goes on to assure me that no usable card or payment details or passwords were obtained.



However, if you read carefully it then says I might receive emails, calls or texts and then says that genuine M&S calls will not ask you for your username (so that implies that the hackers also know my username).

The M&S email did not contain a link to their FAQs, so I had to search for it myself. I found it here.

So what this letter seems to imply is that these criminals have the following information about me:

Full Name

Postal Addresses 

User Name

Date of Birth 

Email address

Home phone number

Mobile phone number

Online order history (so they would know size/sex/age details about members of my household, clothes size, shoe size, etc.) 

So, the hackers probably have all this information about me and are even now trying to hack my email (since they know which email provider I use) and hack my mobile phone number (e.g. try to get a PAC code or new SIM with my number on it so they can steal my number by providing my personal details such as full name, DOB, full address, email address, etc.).

Once they have taken over my mobile number, they can reset my email password (receive an SMS PIN) and then proceed to take over my Gmail account which has all my passwords in the password manager. From there, they can proceed to try to reset my banking passwords, etc. This is often easily done if using an app on a mobile phone because they simply text a PIN, or send an email or ask for an authentication code which you can get by installing an authentication app.

It is surprising how many banks, etc. use your date of birth (publicly available anyway) as proof of ID!

I recently bought a new mobile phone and was amazed that I could set up my email and apps on it without needing to know any passwords! I just simply used the 'forgot password' link and they sent me a PIN to my phone and then allowed me to set a new password. A few apps required my DOB as well.

SIM PIN

Everyone should set up a SIM PIN now if they have not already done so. This means that if your phone is stolen, the thief cannot simply remove your SIM card and put it in another phone to receive all your text messages (including password-reset PIN codes sent by SMS, etc.).

You should also never allow messages to be displayed in full on your lock screen, because this means that even if your phone is locked, a thief can see any PIN reset code sent to your phone and then hack into your account and reset your passwords.

To set a SIM PIN, navigate to your phone's settings, usually under "Security" or "Mobile Data". Then, find the SIM lock or PIN settings and follow the prompts to enable it and create a PIN. The default SIM PIN is often 0000 or 1234 (ask your SIM provider).

Detailed Steps (Android):

Open Settings: Navigate to your phone's settings. 

Security: Look for a "Security" section or use the search bar to find "SIM lock". 

SIM Card Lock: Under "Security," you'll find a section related to SIM cards, such as "SIM card lock" or "Advanced". 

Enable SIM Lock: Toggle on the switch to enable the SIM lock. 

Enter Default PIN: You'll be prompted to enter the default SIM PIN (usually 0000 or 1234). 

Change to New PIN: After entering the default PIN, you'll be able to change it to a new, more secure four-digit PIN. 

Detailed Steps (iPhone):

Open Settings: Go to your iPhone settings.

Cellular/Mobile Service: Navigate to "Cellular" or "Mobile Service".

SIM PIN: Look for "SIM PIN" under your chosen cellular line.

Enable SIM PIN: Toggle the switch to turn on the SIM PIN.

Enter PIN: You'll be prompted to enter a four-digit SIM PIN.

Confirm PIN: Confirm your new PIN. 

Important Considerations:

Default PIN:

The default SIM PIN is often 0000 or 1234, but it's best to change it to a unique PIN. 

Wrong PIN:

If you enter the wrong PIN multiple times, your SIM card may be locked, requiring you to contact your carrier for assistance. 

Remember Your PIN:

It's crucial to remember your PIN, as you'll need it every time you turn on your phone or if you need to unlock your SIM card. 

Contact Carrier:

If you forget your PIN or don't know the default PIN, contact your mobile carrier for help. 


Theft prevention

You should also set up as much theft protection as possible:

1. Screen Lock:

Passcode or Password:

A strong PIN or password can prevent unauthorized access to your phone's data and apps.

Biometric Authentication:

Fingerprint and facial recognition add an extra layer of security, making it harder for thieves to bypass your phone's lock. 

2. Find My Device/Tracking Apps:

Find My Device (Android):

This feature allows you to remotely lock your device, erase data, or play a sound if it's lost or stolen. 

Tracking Apps (iOS/Android):

Many third-party apps can help you locate your phone if it's stolen, especially if it's disconnected from the internet. 

3. Android Theft Protection Features:

Theft Detection Lock:

This feature, powered by AI and your phone's sensors, can detect if someone snatches your phone and attempts to run, bike, or drive away. If it detects suspicious activity, it will automatically lock the screen to protect your data. 

Offline Device Lock:

This feature kicks in if your phone is disconnected from the internet, which is often the first thing thieves do to avoid being tracked. It will prevent unauthorized access and data theft even if the thief turns off Wi-Fi or turns on airplane mode.

4. Additional Security Measures:

SIM Card PIN:

Setting a SIM card PIN can prevent thieves from using your phone if it's stolen, even if they have the physical device. 

Device Encryption:

Encrypting your phone's data adds an extra layer of security, making it harder for thieves to access your personal information if they manage to bypass the screen lock. 

IMEI Number:

Every mobile phone has a unique IMEI (International Mobile Equipment Identity) number. Note down this number and report it to your mobile provider if your phone is stolen. This number can help police and insurance companies identify the phone and possibly recover it. 

Factory Reset Protection:

Some phones have features that prevent a thief from resetting your device to factory settings remotely. This can be a significant deterrent for thieves. 

Consider Anti-theft Apps:

These apps can offer additional security features, including remote locking, data wiping, and location tracking. 

In Summary:

By enabling screen lock, activating Find My Device or a similar tracking app, and utilizing Android's Theft Detection Lock and Offline Device Lock, you can significantly enhance your mobile phone's security and protect your data in case of theft. 
