The US Federal Communications Commission (FCC) recently proposed a bunch of new rules to combat the SIM-swapping and port-out menace, reigniting the debate around two well-known smartphone frauds that have caused millions of dollars in damage and ruined many lives. SIM swapping happens when a bad actor convinces a carrier to transfer the cellular service from a victim’s phone to a phone that the fraudster has in their possession. Port-out fraud, on the other hand, happens when a fraudster poses as a victim and gets the cellular service ported from the original carrier to a new carrier of their choice.
In an age where a ton of services are linked to mobile numbers, the potential for account takeover, data theft, and extortion are enormously high. These incidents are not limited to just one region of the globe either. In the past, fraudsters have used a SIM-swap hack to dupe thousands of users by asking them for a sham carrier fee. Cryptocurrency investors have also been the victim of such ransomware attacks via extortion after their data was stolen. On multiple occasions, law enforcement authorities have busted rings involved in hijacking phones of celebrities with millions of dollars at stake. With poor levels of identity verification requirements in a lot of these cases, users are left vulnerable.
Currently, it is mostly left up to the user to take the necessary steps to avoid being targeted by SIM-swapping and port-out frauds. Before that's possible, however, users need to be able to read the signs of when such an attack is in the process, and the FCC has previously provided some guidance on this. For example, if users suddenly aren’t able to send texts or make calls, they should immediately reach out to their service provider to look into the issue. Another red flag is when users receive alerts that their SIM has been activated or is being used on another device. Likewise, if login credentials for services, like a bank account (assuming it has been linked to a mobile number), suddenly start failing, that's a major tell-tale sign that something might be wrong.
Small Steps Help Prevent Scams
One of the most important steps that users can take is to avoid sharing their number on social media platforms and other discussion forums as malicious parties often lurk in these places looking to scoop up such personal information. Another step is implementing a robust password protection system for logging into a cellular service account. If possible, always enable two-factor authentication for an extra level of security. Some services now accept biometrics such as fingerprints for authentication in place of a PIN or text-based verification. If that is an option, it is worth using biometric verification.
Another crucial step is verifying emails, texts, or calls that ask for account details. Carriers and telecom service providers usually don’t ask for personal information and account details, which may include anything from identification information and payment details to linked emails, passwords, or codes sent via SMS. Users should always verify the details with their service provider before responding to such requests. For those worried about the security aspect, a great solution is using a service like Google Authenticator. Using multi-factor authentication, or even a physical security key, can be one of the most reliable methods to avoid SIM-swapping and port-out fraud.
Source: FTC