Mobile phones not only contain our personal details and information about everyone we know; they are used to verify our identities and unlock access to our financial accounts.
Now scammers are using a process called a “port-out” to hack into our phones to change our passwords, steal our personal data and even empty our bank accounts.
Basics of the port-out scam
A port-out scam starts by manipulating the legitimate process you can use to move your mobile phone number from one carrier to another. A scammer calls a carrier and impersonates you to request that your mobile phone number and SIM card data be transferred to a new carrier and device owned by the scammer.
Once the scammer successfully ports out your number in this way, they are often able to use that as leverage to gain access to all your online accounts. That’s because like other online accounts, banks will respond to requests to change your password by sending the new password or a PIN to your phone.
Once the scammer uses a ported-out phone to change your passwords, not only are you locked out from accessing your accounts, but the scammer can now begin emptying them.
How to protect yourself
The key security vulnerability of the port-out scam is with the mobile phone carrier. When a customer calls to request changing their phone number to another carrier and device, the carrier will ask them to provide a PIN number. For some U.S. carriers including T-Mobile, the default PIN has been the last four digits of the customer’s Social Security number, unless they changed it to something else.
If you recall, last year the credit reporting agency Equifax disclosed that more than 143 million Americans – more than half the country – had their data exposed in a hacking security breach. The information exposed included names linked with phone numbers and Social Security numbers – in other words, everything a hacker would need to try a port-out scam.
Recently, T-Mobile sent text messages to customers warning them to change their PINs. It also set up a port-out protection page: https://www.t-mobile.com/customers/secure
No matter what carrier you use, it’s worthwhile updating your security information and PIN. It can take only minutes and it may avoid the devastating consequences of this scam. Make sure that the new PIN you choose is different from your carrier account password.
Here are the PIN protection links for the other three major U.S. carriers:
- AT&T: http://about.att.com/sites/cybersecurity/ni/blog/porting
- Sprint: https://shop2.sprint.com/en/legal/PIN_intro_popup.shtml