Cell Phone Scam Alert!

Almost every American today has a cell phone. Fortunately, we don’t have to know how they work to use them. The downside is that many people fail to appreciate just how exposed and vulnerable all their cell communications over public networks really are.
A survey released in May 2016 by Symantec, a tech company that specializes in online security, revealed that 60 percent of the 1,025 respondents thought their information was safe when using unsecured public WiFi networks.
The truth is very different. Accessing public WiFi requires no password or other online security protections of any kind – it is “always on” and connects automatically to any receptive device that comes within its range.
This is very convenient when you are driving around and moving quickly between cell phone towers and hot spots. But unrestricted, unprotected internet access also allows hackers to use devices to intercept, modify or steal any and all unencrypted text transmissions sent over unsecured Wi-Fi channels. Including yours.
You read that right: any would-be thief can hang out in a coffee shop with a sniffer and use the public internet wireless network there to make off with all your cell phone’s personal communications, corporate data, images, media files, intellectual property, and the contents of all your unencrypted email or instant messages. All this can happen without you even being aware of it.
For this reason alone, always be cautious when you send confidential information of any kind over your cell phone when you are in your car or in a public place using someone’s else’s unsecured internet access.
Despite the risk of massive data theft that comes along with each and every cell phone sold on the planet, navigation apps on these devices need your permission to allow third-party access to your cell phone’s location.
The location finder app has to remain active while you are using a map app to find your way. Your phone is constantly sending your location data out over unsecured WiFi networks as you pass from one cell phone tower or hotspot to another.
Motherboard revealed the shocking news in early March 2019 that unauthorized individuals claiming to be law enforcement officials have been contacting cell phone providers for real-time location data for a cell phone associated with a certain call number – and therefore, probably the location of the cell phone’s owner (or user, a child):
“AT&T, T-Mobile, and Sprint have been selling their customers’ real-time location data, which trickled down through a network of middlemen and data brokers before arriving in the hands of bounty hunters.”
Most places in the U.S. require a court order to force cell phone companies to pony up customer data to law enforcement agencies. But John or Joan Law can get around this legal technicality by telling the telco representative that there are “exigent circumstances” which require making an exception for this case. The cell phone company will then often provide private location information without court authorization. (And by the way, any person in danger, such as an abducted child or someone trapped inside a burning house, is in exigent circumstances.)
Now, we find out that criminals are posing as John or Joan Law and convincing cell phone companies to give them privacy-protected customer phone location information.
Some of these criminals are well-intentioned bounty hunters or debt collectors. But others are stalkers or domestic violence offenders looking for their victims.
Motherboard obtained an audio recording of “a previously prosecuted case in which one debt collector tricked T-Mobile by fabricating cases of child kidnapping to convince the telco to hand over location data.”
Valerie McGilvrey is a skip tracer, someone who locates another person’s whereabouts. She has been involved with prosecuting some of the imposters responsible for this illegal cell phone data disclosure.
McGilvrey said that the telcos have been “very stupid” about falling for this con. She blamed poor corporate policy and procedure:
“They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling.”
In the case of U.S. v. Edens, the defendant, John Letcher Edens, impersonated a U.S. Marshal seven times from October 21, 2014, through November 26, 2014, in order to obtain location information on a total of 14 victims. The con artist “sought ‘Real-Time Location of the Mobile Device (E911 Locator)’ information on [a] private phone.”
On McGilvrey’s website, The Daily Skip, she writes that she blew the whistle on Edens and provided evidence that he was using the data he obtained illegally to target women with extortion. McGilvrey “decided I had to turn over my recording to the United States.”
One woman sued Edens “for sending harassing text messages intending to bully her into surrendering her car.” Not knowing his true name, she filed a civil suit against him naming him as John Anderson.
McGilvrey easily determined that Eden’s true identity and that “he had no repossession insurance, no collection insurance and probably no knowledge of the FDCPA which prohibits using a fictitious name, harassment and contacting a debtor on their cell phone.”
Six months after McGilvrey tipped off federal authorities about Edens’ criminal activities, he was formally charged and arrested in May 2015. At the time, Edens was already on probation for stalking and harassment.
McGilvrey said she was informed that, after his arrest, Edens “confessed although later recanted.”
On February 10, 2016, McGilvrey provided an update on this story: Edens received a one-year sentence in federal prison followed by three years of probation. “He has been serving the remainder of his sentence for stalking and harassment in a Georgia Department of Corrections Prison. He’ll begin his federal prison sentence once his current sentence is completed.”
U.S. lawmakers are now turning their attention to drafting new bills to punish phone companies which fail to protect the customers’ privacy and data.