Thieves hacking your bank account is bad; stealing your phone number, worse
Search our blog for articles and insights right here, just type your interest and dive into a world of knowledge.
Popular articles
Port-Out Hijacking: A Growing Threat to Personal Finance
In May, my typical morning routine took an alarming turn when my cell service cut off, leaving me unable to make calls or send texts. Using my home Wi-Fi, I discovered an email alert about a $20,000 transfer from my credit card to a suspicious Discover Bank account. Despite thwarting that transaction and reporting my cell phone issues, a fraudster managed to transfer $19,000 days later, making me a victim of port-out hijacking, also known as SIM-swapping.
Port-out hijacking is a sophisticated form of identity theft where criminals hijack your phone number, redirecting your calls and texts to their devices. This undermines security measures like two-factor authentication, as verification texts are sent to the criminal's phone. Despite being vigilant with cybersecurity practices, such as frequently updating passwords and using multi-factor authentication, I still fell prey to this crime, highlighting how even cautious individuals remain vulnerable.
The FBI’s Internet Crime Complaint Center has seen a notable rise in SIM-swapping cases, receiving 1,611 complaints with losses exceeding $68 million. Complaints to the FCC about the crime also surged, doubling from 275 in 2020 to 550 in 2023. According to Rachel Tobac, CEO of SocialProof Security, the actual figures might be higher as many cases go unreported. She criticizes two-factor authentication as outdated, given how easily personal information can be found online.
A recent data breach at AT&T, where customer information was exposed, underscores the vulnerability. Although no personal information was allegedly leaked, the incident exemplifies the risks involved. Criminals can swiftly transfer phone numbers if they have access to your personal data, making it vital for companies and individuals alike to bolster their security measures.
Need for Stronger Consumer Protection Protocols
Experts advocate for consumers to pressure companies to enhance data protection protocols. Current FCC rules, updated in 2023, demand more secure customer authentication methods before redirecting a phone number. Potential new measures include requiring government ID, voice verification, or additional security questions for number porting. However, the implementation of these rules has been delayed to allow further review by the White House Office of Management.
The wireless industry, represented by the CTIA, contends that these changes require significant technological and procedural overhauls. Yet, experts believe that had these rules been in place earlier, my phone number might have been harder to steal.
Challenges in Reclaiming Control
Despite taking all possible measures like removing my number from bank accounts, freezing my credit, and changing passwords, it took ten days to regain control of my phone number from Cricket Wireless. The scammer accessed my bank account multiple times, eventually succeeding in transferring $19,000. Bank of America later reversed the wire transfer after I sought help in person.
Cricket Wireless acknowledged the flaw, pledging to improve their customer experience and collaborates with law enforcement and the industry to combat such crimes. AT&T confirmed that all providers are striving to comply with new FCC regulations on port-outs and SIM swaps.
This ordeal has been a stark reminder of our vulnerability when personal information is easily accessible. Whether through my social security number, phone number, birth date, or possibly a voice recording, the scammer found a way to exploit the publicly available data. It underscores the urgent need for enhanced consumer protection and greater awareness to safeguard against such threats.
