Port-out scams involve fraudsters exploiting the process of transferring a cell phone number from one carrier to another by using phished or stolen account information to carry out the port without the authorization of the phone number’s true owner.
After successfully gathering information about a cellular account (acquired either directly from the victim via phishing or found online), a scammer, posing as the phone number’s true owner, takes the victim’s information to another carrier and requests to port the number to a new account and cell phone. The scammer will then report the victim’s phone as lost or stolen. If the cellular carrier does not require a security PIN number or passcode, or the scammer passes any identity verification measures, the scammer may successfully port the number to a new device and carrier without the victim’s knowledge, shutting down his or her own phone’s cellular service. The scammer, now with exclusive access to the victim’s phone number, can potentially gain access to the victim’s online accounts via two-factor authentication (2FA) codes or keys texted directly to the phone number. This can happen fast, with little time for the victim to stop it or contact anyone for help.
HOW TO IDENTIFY THREAT:
If you find your smartphone suddenly stops making calls or sending texts, or says “Emergency calls only,” your phone number may have been stolen and ported out. Immediately notify your carrier. Report Scam Activity: Report any scams you encounter to local police, your cellular carrier, the Federal Trade Commission, or the Better Business Bureau. Keep a record of any information given to you or sought by the scammer.
HOW TO PROTECT AGAINST THIS THREAT:
Many carriers require account PIN numbers or other verification information to port out numbers or give out new SIM cards. However, if the PIN is a birth date, zip code, the last four digits of a social security number, or any information that is easily gathered, scammers can still quickly gain access by trying them all. There are databases online that anyone can log into and find current address, full name, the names of potential victim’s relatives, and more. Just by being aware of the dangers of hacking and by being smart about sharing information, consumers and businesses can protect themselves from a port-out or SIM hijacking scam.
Some tips for protecting yourself from port-out scams and SIM hijacking scams include:
- Use Strong Passwords: Use strong account passwords with a variety of characters (symbols, numbers, and capital letters) for any and all online accounts. Do not repeat passwords for separate accounts.
- Use 2-Factor Authentication: If your cell phone carrier allows, sign up for dual-factor authentication (not always the same as an account PIN or passcode) upon logging into your account. In addition, if there’s an option, consider listing an alternative email for authentication instead of a phone number.
- Use Obscure Answers: If your carrier uses security questions for logging in, such as “What street did you grow up on,” try to use obscure answers you won’t be able to find out in a simple address directory search.
- Pin Protection: Most carriers allow you to create a PIN or passcode required to make changes to your account. Make a strong and random PIN number or passcode to access your account in addition to your online password
- Use Public Forum Safety: Avoid leaving personal information online in public forums or on social media such as your phone number, address, or any other personally identifiable info
- Online Marketplace Safety: When dealing with online marketplaces or forums, be careful not to give out personal information unless necessary or you can verify their identity first.
- Keep to yourself: Never give out information on your cellular account over email, online, or over the phone unless you are certain you are speaking with your carrier’s customer service representative.
- Keep track of your mail: Not all identity theft begins digitally. Make sure you keep track of your mail and shred any important documents that could be taken from trash or recycling. Your cell phone, bank, utility, and cable bills all have information that could be used to get a criminal closer to porting a number your phone number.
Below is a list of websites where you can file complaints about internet-related scams, fraud, and crime. Just don’t forget to call your cellular carrier and local police first.
- Your local law enforcement’s fraud or cybercrime division.
- File a scam complaint with the Better Business Bureau Scam Tracker.
- File a complaint with the Department of Justice (DOJ).
- File a complaint about online or related transactions with EConsumer.gov.
- Federal Trade Commission: Call 1-877-FTC-HELP or file a complaint online.
- File a complaint with the Internet Crime Complaint Center (IC3) (IC3 is partnered with the FBI).
- File a report on Fraud.org.
Fraud Alert courtesy of WesPay.