The FCC may finally do something — anything — about phone number theft

The FCC is poised to tackle some of the most common threats in modern identity theft as it begins drafting rules against SIM swapping and port-out fraud.

The act of SIM swapping involves a malicious actor deceiving a telephone company into transferring another person's phone number to a new SIM card they control — Princeton University has interesting research on how vulnerable your information actually is as you can see in this article. They then have access to proprietary information about the customer such as address or social security number that can be used to infiltrate other personal accounts or physically target their victim.

Port-out fraud takes the extra step of moving the phone number to another carrier, thus deactivating service to the customer on their current carrier. As many people use their mobile numbers to receive two-factor authentication codes, taking ownership of it would open up more vectors for an attacker.

Twitter CEO Jack Dorsey is probably the biggest name to fall to a SIM swap attack when his account on the platform was hacked in 2019 (via The New York Times). These hackings have taken place for years and it's only been recently that prosecutors have been able to get a grip on the matter. The Manhattan District Attorney's office is pursuing charges against a 22-year-old who scammed some 300 people out of more than $150,000 in cryptocurrency through SIM swapping.

However, there's only so much the FCC can make telcos do to protect your phone numbers. Consumers are advised to be vigilant with who they share personal information with, enable multi-factor authentication on accounts you regularly log into that does not rely on passcodes sent via email or SMS (use an authenticator app or hardware key instead), and to pay attention when their service providers notify them that a failed login attempt was made on their account.

from AndroidPolice - Feed https://ift.tt/2YiWxov
Jules Wang

The FCC is poised to tackle some of the most common threats in modern identity theft as it begins drafting rules against SIM swapping and port-out fraud.

The act of SIM swapping involves a malicious actor deceiving a telephone company into transferring another person's phone number to a new SIM card they control — Princeton University has interesting research on how vulnerable your information actually is as you can see in this article. They then have access to proprietary information about the customer such as address or social security number that can be used to infiltrate other personal accounts or physically target their victim.

Port-out fraud takes the extra step of moving the phone number to another carrier, thus deactivating service to the customer on their current carrier. As many people use their mobile numbers to receive two-factor authentication codes, taking ownership of it would open up more vectors for an attacker.

Twitter CEO Jack Dorsey is probably the biggest name to fall to a SIM swap attack when his account on the platform was hacked in 2019 (via The New York Times). These hackings have taken place for years and it's only been recently that prosecutors have been able to get a grip on the matter. The Manhattan District Attorney's office is pursuing charges against a 22-year-old who scammed some 300 people out of more than $150,000 in cryptocurrency through SIM swapping.

However, there's only so much the FCC can make telcos do to protect your phone numbers. Consumers are advised to be vigilant with who they share personal information with, enable multi-factor authentication on accounts you regularly log into that does not rely on passcodes sent via email or SMS (use an authenticator app or hardware key instead), and to pay attention when their service providers notify them that a failed login attempt was made on their account.

https://ift.tt/eA8V8J October 01, 2021 at 02:42PM