Criminals can steal your phone number by pretending to be you and transferring it to another phone. They then receive security codes sent via SMS to their mobile phones, allowing them to access their bank accounts and other secure services. So be very careful about the latest scam so that they don't get your cell phone number.
“Portability scams” are a big problem for the entire mobile phone industry. In this scam, a criminal impersonates you and transfers your existing phone number to another mobile operator. This process is known as “porting” and is intended to allow you to keep your phone number when you switch to a new mobile phone provider. Any texts and calls to your phone number are then sent to their phones instead of yours.
This is a big problem because many online accounts, including bank accounts, use your phone number as a two-factor authentication method. This way, they won't let you log in without sending a code to your cell phone first. However, after carrying out the portability scam, the criminal will get this security code on his cell phone. You can use it to access your financial accounts and other sensitive services.
Naturally, this type of attack is more dangerous if the attacker already has access to your other accounts – for example, if he already has your online banking password or access to your email account. But it allows an attacker to bypass SMS-based security messages designed to protect you in this case.
This attack is also known as SIM hijacking because it transfers your phone number from your current SIM card to the attacker's SIM card.
How does this transportation system work?
This scam has a lot in common with identity theft. Someone with your personal information impersonates you and asks your cell phone provider to transfer your phone number to a new cell phone. The mobile operator will ask you to provide some personal information to identify yourself, but often, providing your tax number among other things is enough. In an ideal world, this data would be private. But, as we've seen, just stealing information from a company is enough for all of this to fall into the hands of criminals.
If the person can fool the cell phone operator, the exchange will take place instantly. However, any SMS sent to you and phone calls intended for you will be forwarded to her phone. Your phone number is linked to the criminal's phone number. Then your current smartphone no longer has calling, texting or data service.
This is just another form of social engineering attack. Someone contacts a company pretending to be someone else and uses social engineering to get access to something they shouldn't. Like other companies, mobile operators want everything to be as easy as possible for legitimate customers. So your security may not be tight enough to ward off all attackers.
Avoid relying on your phone number as a security measure
Phone number portability scams are one reason you should avoid SMS-based two-step security whenever possible. We all like to think that our phone numbers are completely under our control and only associated with the equipment we own. In fact, this is not true. When you trust your phone number, you trust your mobile operator's customer service to protect your phone number and prevent attackers from stealing it.
Instead of receiving security codes sent via text message, we recommend using other two-factor security methods. A good example of this is Google Authenticator. These applications generate the code on the cell phone itself. So the criminal must have your cell phone – and unlock it – to get the security code.
“Coffee trailblazer. Social media ninja. Unapologetic web guru. Friendly music fan. Alcohol fanatic.”