What is SIM Swapping / Porting?
SIM swapping or porting is probably one of the worst nightmares you could encounter with technology. Basically a malicious person steals your own phone number and then can impersonate you to take control of your bank accounts, amongst other important things. And since you don’t have your number anymore, it becomes very difficult to prove who you are when you try to recover your accounts.
In SIM swapping, a malicious person impersonates you in a call to your telco, pretends that the current SIM card is lost and requests a new SIM card to be sent to his address. They the hacker activates the new SIM and takes control of your number. The old SIM becomes inactive.
SIM porting works on the principle that mobile phones customers can easily change phone providers through number porting. In theory, it is a great thing, if I want to change from Optus to Vodafone and keep my own number, I just open a new service with Optus and state that I want to keep my number. When the Vodafone service gets activated, the number is simply ported from Optus to Vodafone and the Vodafone service becomes unavailable.
But what if someone else than you opens the Vodafone account? Well your number will be transferred to this person and the only thing you’ll see is a text message from Optus saying that your number is being ported out and then a few minutes later your phone will lose its Optus service.
By the time you reach out to Optus and convince them that your number got stolen, it might be too late and the thief might have already emptied your bank accounts!
Read this very good story: https://www.abc.net.au/everyday/protecting-yourself-from-phone-porting-and-sim-card-scams/100421586
What can you do to prevent it?
Unfortunately there is no foolproof way of preventing SIM swapping or porting:
- Protect your personal information: hackers will need to impersonate you to create the new (fake) account. Avoid posting any personal information on social media: address, date of birth, phone number, etc
- Ask your current telco what measures are in place to prevent your number being ported out. Ideally they should require a security code that only you can provide. Beware: the hacker might try to impersonate your telco to obtain that code
- Be suspicious of sudden loss of connectivity: if your phone loses its mobile network in a covered area and if there no outage, this might be the sign that your number been ported out. Reach out to your telco straight away.
- Use two factor authentication (2FA) instead of SMS codes in your account security. Unfortunately many services will fall back to SMS if the 2FA option is declined.