Spy boss says get a second clean phone – Craptus and Mediscare

One of Australia’s top spy bosses, Rachel Noble, has said having a second clean phone free of social media [and Apps] is the only way to have absolute certainty of data privacy.

She is not being sensational at all – she is dead right, and let me explain why.

Why cybercriminals need your personal data.

A little data helps scammers use what they know to lure you in with carefully socially engineered emails that you open, then click on a poisoned weblink. For example, scammers see that I get many parcels, and accordingly, I get a lot of Australia Post, DHL and other courier email scams.

More data can help with account takeover – bank, phone, credit cards and financial accounts. My aunt had her Telstra landline account taken over and then used by scammers to take over other accounts. It is all about the 100 points of identity – driver’s licence, passport, Medicare and utility bills showing your name and address. It was a real bitch to get control again, not helped by Telstra’s recalcitrance to help at the time.

Lots of data, as in the Optus and Medicare debacle, leads to all of the above, plus a massive potential for ID Theft that can ruin you, steal your savings and super and leave you with debts you are responsible for. A well-heeled executive friend suffered ID Theft and estimates that it has taken over 600 hours of frustration and potential losses of nearly $500,000 to get it back.

You can read more about ID Theft issues at OPTUS Hack – an update

What can you do to minimise data loss?

Our first and absolutely firm recommendation is to delete Facebook, TikTok, Messenger and any social media accounts so that you stop oversharing nuggets of gold (data) with hackers. Post a picture of you celebrating a birthday with friends, and cybercriminals can deduce your birthday (as well as gender and get your face ID) and your friends’ names.

Second, you need to invent a new you. New driver’s licence, credit card (numbers), passport (numbers), email address, and phone number. Getting a new home address is not practical, but if you get sensitive mail, consider a Post Office Box or at least a lock on the mailbox.

Another strong recommendation is to set up a new clean email account and associate that with all your online accounts. The new email name means only ‘real’ information comes to you in that account. The old email (which you have had for years) becomes untrusted – you need to take extra care with the veracity of that content.

That is where Rachel Noble’s second clean phone comes in. Why? Because you cannot access your bank account etc., without entering a two-factor verification code sent to your phone. If cybercriminals have that number, they can spoof and intercept such codes. If you associate a new number with your accounts, then no spoofing. We recommend getting a low-cost $10-a-month SIM (unlimited calls and texts) and putting it in the second SIM slot, but if you don’t have a second slot, buy a cheap phone (from $100) to enable this.

Apps are data harvesters

Noble’s advice (and she of all people should know) is that your new phone number needs to be on a phone free of spyware and malware. In short, it means no Social Media apps or anything beyond essential Google apps, and even these need to be locked down to stop data exfiltration. In fact, we recommend a dumb phone (non-Android – remember the good old Nokia days) that cannot catch a virus. Android 12 and 13 users can create different profiles that essentially set up two different phones – one with social media and one without.

Why? Every app is a data harvester, whether it takes only your location (if only to provide local recommendations) or the full-blown contacts, calendar, call logs and camera/mic. You need to ask why, for example, a free flashlight app needs to access everything. Answer: Because it sells your data.

So, if you are at risk – and you will likely be – there is no time like the present to invent a new, private you, and that starts with a second clean phone.

Managing all these new IDs and numbers

A mate had his computer hacked and bank account emptied. Why? He had all his passwords in electronic sticky notes on the PC.

We recommend the free LastPass password manager, which gives:

  • Unlimited passwords
  • Access on one device type – computer or mobile
  • 30-day Premium trial
  • Save and autofill passwords
  • One-to-one sharing
  • Password-less login
  • Password generator
  • Private vault for personal data like bank account numbers, Medicare etc

Personal is limited to one device – PC or mobile – but the paid Families version gives you six family members, access on all supported devices and Dark Web monitoring for your email/password.

CyberShack’s view – getting a second clean phone is good advice

While it may sound extreme, it is the same principle as getting new numbers for every important ID form.

The real issue is that your smartphone is the window to your life. Read Stay safer online – simple steps for home or mobile security (consumer advice)