News broke recently on a huge phone port-out scam. If you don’t know what the scam is or if you’ve not yet taken action to protect your account, this post will get you up-to speed.
Potentially, anyone who has a cell phone with any of the phone carriers. Yes, this mostly likely includes you too. I am a T-Mobile customer so I will cover more from this angle. However, this is not a carrier specific issue. This is an industry-wide scam.
What is the port-out scam?
When you switch a phone line from one carrier to another, the transfer process is called “phone porting”.
Porting out a line is not difficult. If you’ve ever switched carriers, you know that you (or your new carrier) simply has to call or provide your account PIN to initiate the transfer. For carriers like T-Mobile and others, the PIN had been the last 4 digits of your SSN.
How the scam works:
- Fraudsters are impersonating you to port out your phone number with you carrier. This could be to a fake SIM. Ultimately, they want to take control of your phone number.
- Remember how you might have set up password recovery to your email or banking accounts? Those are usually set up with your phone number as a recovery method.
- Now that the fraudsters are in control of your phone number, they can recover access to your banking accounts to try to steal your money.
Why is this a big deal now?
Remember the huge Experian data breach in which the data of millions of people are compromised, including names, social security numbers and phone numbers? They already have a lot of your basic information.
Now, remember the PIN your phone carrier is using to secure your account? In T-Mobile’s case, it was the last 4-digit of the SSN. Given that SSN was one of the pieces of data that was also breached, that PIN is no longer secure after all. The fraudsters have enough information from previous breaches to impersonate you, port-out phone number, and get access to your accounts.
Can it happen to you?
Yes, it can!
If you are part of the Experian data breach (which almost everyone is) and your phone carrier relies on your SSN as your PIN, then you can be impacted by this scam.
It’s understandable if you’ve not heard of this scam yet. It had not be widely covered until reports started trickling from people who are victims of the scam. Unlike traditional scams, people aren’t directly tricked by giving out their information. The victims simply experienced the effects of the scam, when money is transferred out of their banking accounts.
The threat is real. You can read the accounts of those who have been victimized by this scam.
What Should You Do To Protect Your Account?
Contact your carrier. My phone carrier, T-Mobile, had sent a text to notify customers to set up a port validation feature. This way, fraudsters would not be able to port out your phone number without providing a port validation passcode. Your own phone carrier probably has something set-up something similar.
I called T-Mobile and I was able to set up a passcode with the phone rep in under 2 minutes. This PIN also replaces the account PIN – which had the the 4 digit of SSN – that you use to provide when you call in to validate your account.
I would preferred it if T-Mobile allows customers to enable the feature by logging in their account. Google Voice long has a phone number locking feature to prevent such unauthorized port-out.
What Else Have I Done To Protect My Accounts?
In addition to enabling the port validation feature to my account, I also took an added step of reviewing the username and password recovery process for sensitive (i.e. primary email/financial) accounts. I wanted to make sure that I have two-factor authentication enabled and that the recovery process isn’t just based on just text/phone method alone.
Fortunately, I feel a bit more secure in seeing that most of the banking sites have much more more stringent account recovery requirements, such as being able to provide your banking account numbers.
I’ve already been caught up in several data breaches through no fault of my own, so I feel like my information is just sitting duck out there somewhere. In spite of it, I still think it’s important to try to protect your accounts however you can.
If you haven’t called your carrier to protect your account yet, do so. A couple of minutes now could potentially save you hours and hours of headaches later.
Are you a victim of the port-out phone scam? How was your experience calling your carrier to add port out validation to your account?
Source: Travel Gadget Reviews