ALERT! – Cellphone Port-Out Scam – ALERT!

Published On March 6, 2018 | By Tom Huskerson | Alerts

Cyber criminals have developed a new scam targeting your cell phone. Known as the ‘port-out scam’ criminals are are using stolen information to trick cell phone carriers into transferring legitimate phone numbers to new devices. The result is leaving consumers with dead cell phones and vulnerable to even more crimes.

Your cell phone is probably your single most important technology device. It contains information about nearly every facet of your life. African-Americans are the leading consumer of mobile technology making this scam extremely dangerous to our community.

Porting is a standard practice in the cellphone industry. A consumer can port their number to a new service provider or new device usually in minutes. With this scam, also known as the “SIM-swap scam” a criminal tricks a cellphone service provider into transferring your legitimate phone number to a phone under the scammer’s control. Once the number is ported, all calls and text messages sent to that number go instead to the scammer’s phone. This allows the scammer to bypass security features, like two-factor authentication, used to protect your sensitive email, banking, and social media account information.

Scammers use stolen data like your the last four digits of a Social Security number, a phone number, name on the account and the victim’s address. All of this information is easily obtainable on the dark web thanks to repeated data breaches of consumer information.

Using the stolen data the scammer contacts the wireless provider pretending to be the legitimate owner. After the scammer contacts the cell phone company they can easily change the PIN if one is not already set up. If you do have a PIN set up the scammer claims not to remember it then uses the last four of the victim’s social security number  and mailing address. The scammer’s next move is to request the wireless company port “their” number to a different phone. Once the provider switches the victims’ phone number to the criminal’s phone the victim’s phone will go dead. The scammer then uses the phone to reset passwords or gain entry to accounts that use two-factor text authentication. Criminals frequently target bank accounts. Once a bank account is accessed the scammer can quickly and easily transfer funds to an account that the scammer controls.

This scam is the latest and fastest growing cyber scam and can be financially devastating to victims. Cellphone service providers have begun taking steps to protect their customer’s accounts. T-Mobile, sent a text to notify customers to set up a port validation feature. This ensures that fraudsters could not port out your phone number without providing a passcode.

Fraud.org advises consumer to use the following steps to keep from being victimized by this scam.

  • Contact your carrier and ask them to add a unique personal identification number (PIN) to your account. This PIN will need to be provided any time you wish to make a change to your account, including upgrading your cell phone. This extra layer of security will help block any would-be scammer from running the port-out scam on your phone. The process for adding a PIN depends on your provider.
    • AT&T –  Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on “manage extra security.”
    • T-Mobile – Call 611 or (800) 937-8997 from your cell phone to speak with a customer service agent.
    • Sprint – Sprint automatically requires their customers to set up a PIN when an account is opened.
    • Verizon – Visit vzw.com/PIN or call (800) 922-0204.
  • Always use good password hygiene. Regardless of account, choose a password that is unique, complex, and contains upper- and lower-case letters, numbers, and symbols. It is critical not to reuse passwords across multiple accounts. That way, if one account becomes compromised, then every account with that password can become compromised as well. For the best password security, use a password manager that creates and remembers random passwords.
  • Consider alternatives to text two-factor authentication. For your most important accounts, like your online bank account, see if they allow other versions of two factor authentication such as a security key or or a third-party authenticator app like Authy.
  • Be suspicious of emails or phone calls from people purporting to be from your bank. Remember, your bank will never ask you to enter confidential information in an email.

If, despite these steps, you become a victim you should:

  • Act quickly! Notify your cellphone provider and report any fraud to your bank. Quick action can minimize the damage the scammer could inflict. Your cellphone provider can turn off your phone number and prevent scammers from using that number to bypass two-factor text authentication.
  • Notifying your bank the moment you notice unauthorized charges or that you are at risk for fraudulent two-factor authentication can also minimize your liability.
  • File a report at Fraud.org using their secure online complaint form. They will share your complaint with their network of law enforcement and consumer protection agencies who can investigate and help put fraudsters behind bars. Then make sure you file a police report at your local police.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *