Author Jose-Miguel Maldonado
A “Port-Out Scam” or “SIM-jacking” are techniques used by hackers where they trick phone carriers into transferring a consumer’s phone number to a new phone. This shuts off the phone of the original user and then forwards all calls and text messages to the new device.
The purpose of this technique is to steal your phone number, transfer the number to a device that the hackers control, and then intercept text-based authentication messages from your bank, credit cards, and other accounts with two-factor enabled. Most of the time you will not notice this is happening until you see that your mobile device has lost cell service, or you lose access to important accounts.
This method of attack has been a particular problem for the crypto community who seem to have disproportionately been affected by this line of attack. It is a devastating attack, which can move like wild-fire through your digital environment, if you haven’t taken the proper precautions. Many SIM-Jacking victims suffered significant financial loss and discovered there were no services available to help them during and after the attack. A port-out scam can be particularly devastating, but it starts in the same way as almost all cyberattacks and isn’t specific to any community.
Cyber-thieves typically begin an attack against a phone number having already stolen the password for the customer account associated with the carrier network. This is an important point to understand and this can happen in any number of ways. It is likely that crypto users may be specifically targeted at conferences or other meetups where the wifi could be compromised. The purpose of doing so is that once the crypto holders device is compromised the attack is essentially complete given the fact that crypto holders act as their own banks.
How to secure your cell phone account:
Use unique credentials for each online account (including your cell phone account) and utilize a password manager to keep track of all your credentials. You want unique credentials for your cell account just in case those creds have been compromised in a data breach
Ensure you have MFA enabled on your online cell phone account with your carrier
Add an additional passcode or verbal phrase with your carrier so you have an additional layer of security protecting your phone number when interacting with customer support (ATT, Verizon, T-Mobile)
Be cautious about tapping on any text messages from your cell company asking you to update information. Always go directly to your cell carrier’s website or use their native app (e.g. myATT, Verizon app, etc.)
By following these tips you can add additional layers of security to your cell phone and make it harder for cyber attackers to port your number to a new device.
About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.