There's a warning about a new way scammers are stealing your personal identity and your money. All they need is your cellphone number.
They've found a hole in one of the newest and supposedly safest ways to verify your identity: two-step verification.
The two-step authentication security process is when a company will send a text message to your cellphone number on file. The text they send has a code.
You then have to type the code online in order to get into your account. It's all to make it harder for scammers to get in.
However now they'll just steal your phone number.
The New York Times was the first to report the problem.
Scammers are reportedly going to cellphone stores with a smartphone and saying they want new service but don't want a new phone number.
They give the cellphone company your number, and with the push of a button those texts asking you to verify your account are going to their phone, not yours.
They can access your account in minutes.
The process may seem complicated, but experts say all it requires is a convincing story, a bit of acting and a sympathetic customer service agent.
"If I called AT&T and came up with a big story about how my buddy is in the ICU and he's lost his phone, I need to get his phone number ported over to another phone without providing all that passcode information, then suddenly I've taken your phone number, and I can get into your bank account," said Keith Barthold, of DKB Innovative.
A spokesman for the trade group that represents the wireless companies tells NBC 5 Responds, "Hackers and cyber-criminals are increasingly mounting ever sophisticated attacks. The wireless industry is continually advancing new techniques and practices to defeat illegal behavior."
There is something you can do to help.
Call your cellphone provider and ask for a password or PIN to be put on your account.
Inform the phone company that you don't want your number changed to a new device unless the person has the PIN code.
It creates another layer of protection.