Scam: be careful not to keep your cell phone number!

Criminals can steal your phone number by pretending to be you and transferring it to another phone. They then receive security codes sent via SMS to their mobile phone, allowing them to access their bank account and other secure services. So be very careful with the latest scam so they don’t get your cell phone number.

“Portability scams” ​​are a big problem for the entire cell phone industry. In this scam, a criminal impersonates you and transfers your current phone number to another cell phone operator. This process is known as “porting” and is intended to allow you to keep your phone number when you switch to a new cell phone provider. Any text messages It is calls to your phone number are then sent to their phone instead of yours.

This is a big problem because many online accounts, including bank accounts, use your phone number as a two-factor authentication method. This way, they won’t let you log in without first sending a code to your cell phone. But, after the portability fraud has been carried out, the criminal will receive this security code on his cell phone. He may use it to access your financial accounts and other sensitive services.

Naturally, this type of attack is more dangerous if the attacker already has access to your other accounts – for example, if they already have your online banking password or access to your email account. But it allows the attacker to bypass SMS-based security messages designed to protect you in this situation.

This attack is also known as SIM hijacking as it moves your phone number from your current SIM card to the attacker’s SIM card.

How does this portability scheme work?

This scam has a lot in common with identity theft. Someone with your personal information impersonates you and asks your cell phone provider to transfer your phone number to a new cell phone. The mobile phone operator will ask you to provide some personal information to identify yourself, but often, providing your tax number among other things is sufficient. In a perfect world, this data would be private. But, as we have seen, a simple theft of information from a company is enough for all of this to fall into the hands of criminals.

If the person manages to deceive their cell phone operator, the exchange takes place immediately. However, any SMS messages sent to you and phone calls intended for you will be forwarded to her phone. Your phone number is associated with the criminal’s phone number. Then your current smartphone no longer has calling, texting or data service.

This is just another variation of a social engineering attack. Someone calls a company pretending to be someone else and uses social engineering to gain access to something they shouldn’t have. Like other companies, cell phone operators want everything to be as easy as possible for legitimate customers. So your security may not be tight enough to ward off all attackers.

Avoid relying on your phone number as a security method

Phone number portability scams are one reason you should avoid SMS-based two-step security whenever possible. We all like to think that our phone numbers are completely under our control and only associated with the equipment we own. In reality, this is not true. When you trust your phone number, you are trusting your mobile operator’s customer service to protect your phone number and prevent attackers from stealing it.

Instead of receiving security codes sent via text message, we recommend using other two-factor security methods. A good example of this is Google Authenticator. These applications generate the code on the cell phone itself. So a criminal would have to have your cell phone – and unlock it – to obtain the security code.