In early 2024, a group of sophisticated fraudsters launched a port-out fraud attack, hijacking the phone numbers of dozens of AT&T customers with reportedly high net worth. With control of these numbers, the criminals intercepted multi-factor authentication codes and accessed the victims’ financial accounts, focusing primarily on cryptocurrency holdings. Losses are estimated in the millions, and one high-profile victim reported losing nearly $1M alone.
Port-out fraud, also known as SIM swapping or SIM hijacking, is a sophisticated scam where fraudsters take control of your mobile phone number by transferring it to a different carrier without your consent. This type of fraud has become increasingly prevalent and poses significant cyber security risks!
How Port-Out Fraud Works
First, fraudsters gather personal information about their target. This can be done through phishing emails, social engineering, data breaches, or purchasing information from the dark web.
Once they have enough information, the fraudsters contact the victim’s mobile carrier, posing as the victim. They request a port-out, the process of transferring the phone number to a new carrier.
This is when your phone company’s verification practices come into play. If you’ve set up security questions or multi-factor authentication, your service provider is required to pause and verify who is trying to access your account. Unfortunately, depending on which MFA method you’ve set up, fraudsters can hack your phone to obtain a one-time SMS code or use personal information gleaned from your social profiles to answer security questions correctly.
Once the fraudsters pass verification, the carrier transfers the phone number to a new SIM card that they control. Your phone loses service, and the fraudsters gain complete control over your phone number.
Consequences of Fraud
With control of your phone number, the hacker can intercept calls and text messages, including those used for multi-factor authentication on your other accounts, such as financial accounts, email, and social media profiles. That means they can drain bank accounts, make unauthorized purchases, and even apply for loans in your name.
Beyond financial loss, fraudsters can use the stolen information to commit further identity theft, causing long-term damage to the victim’s credit and personal reputation. That kind of mess can take years to clean up!
How can you keep yourself safe from this and other evolving cyber-threats?
- Use Strong Passwords: Ensure that your online accounts, especially those linked to your mobile carrier, have strong, unique passwords.
- Enable Two-Factor Authentication: Use MFA for your accounts. Consider using a biometric ID or an authentication app rather than one-time codes or links, because biometrics and authentication apps are much more secure.
- Be Cautious with Personal Information: Be wary of sharing personal information online or over the phone. Verify the identity of anyone requesting such information.
- Set Up a PIN with Your Carrier: Many carriers offer the option to set up a PIN or password that must be provided before any changes can be made to your account.
- Monitor Your Accounts: Regularly check your financial accounts for any suspicious activity.
If you suspect you are or might be the victim of port-out fraud, contact your mobile carrier immediately to regain control of your phone number. Then, inform your bank and other financial institutions to secure your accounts, and consider credit monitoring services to ensure your continued security. You may also want to file a report with local law enforcement and consider reporting the incident to the Federal Trade Commission (FTC).
This is just one of the many cyber-threats leveraged against organizations like the one where you work. Attackers go after employee accounts by contacting staff members like you. Learning what these attacks do, what hackers want, and how to recognize the signs helps keep your data and your company’s data safe online.
Port-out fraud is a serious cyber security threat, but by staying vigilant and taking proactive measures, you can significantly reduce your risk of falling victim to this scam.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.