Port-Out Scams: Hijacking your phone number
A “Port-Out Scam” is a technique used by hackers where they trick phone carriers into transferring a consumer’s phone number to a new phone. This shuts off the phone of the original user and then forwards all calls to the new device.
The purpose of this technique is to steal your phone number, transfer the number to a device that the hackers control, and then intercept text-based authentication messages from your bank, credit cards, and other accounts with two-factor enabled. Most of the time you will not notice this is happening until you see that your mobile device has lost cell service, or you lose access to important accounts.
This method of attack has been a particular problem for the crypto community who seem to have disproportionately been affected by this line of attack. It is a devastating attack, which can move like wild-fire through your digital environment, if you haven’t taken the proper precautions. The victims of this who we have spoken to all suffered significant financial loss and discovered there were no services available to help them during and after the attack.
A port-out scam can be particularly devastating, but it starts in the same way as almost all cyber-attacks and isn’t specific to any community.
Cyber-thieves typically begin an attack against a phone number having already stolen the password for the customer account associated with the carrier network. This is an important point to understand and this can happen in any number of ways. It is likely that crypto users may be specifically targeted at conferences or other meetups where the wifi could be compromised. The purpose of doing so is that once the crypto holders device is compromised the attack is essentially complete given the fact that holders act as their own banks.
How to secure your phone accounts:
- Use Rubica on your devices, which combines a secure VPN and security protections
- Wherever possible, we recommend using the authenticator App method for two step authentication (such as Google Authenticator, or other app-based codes) rather than text message or voice codes.
- Password managers and good password security continues to be an important component of good cyber hygiene.
- The telecom companies themselves also recognize this problem and offer extra layers of security, which should be added to prevent this problem occurring. (Searching for AT&T/Verizon/T-Mobile and extra security should get you the correct information)
This whole method of attack is a reminder that good cyber security for individuals needs to be advanced, constant and as seamless as possible. There is only one product offering that, Rubica.
