“Treat your mobile phone account like your most valuable bank account.” A cybercriminal who knows your name, cell phone number and address or date of birth can claim to be you and ask your mobile service provider to port out your number to a different SIM card (known as a “SIM swap”) or carrier. The technique has become prevalent as US telephone companies don’t mandate an in-person visit, as is required in other parts of the world. They will now be able to receive calls and texts meant for you (while your personal phone is disconnected). Frighteningly, this can be a means by a scammer to defeat 2FA as part of an identity theft attack.
First, get a pin number or passcode from your provider to control access to your account. Once a pin or password is set up with your provider, for example Verizon®, they will demand it upfront for any future account interactions, preventing a scammer from masquerading as you. All major providers provide this protective capability.
There are a few additional actions you may be able to take with your phone service provider for improved protection:
● Set up a “port freeze” on your cellphone to prevent a phone number transfer without personal authorization. Verizon offers this to its customers.
● Request that your SIM chip be locked to your phone.
● Get a SIM PIN number to lock your SIM to your phone.
Sprint (S) appears to have the most comprehensive solution to protect its customers. It first requires a pin number, then an answer to a security question and finally a 2FA interchange before a SIM swap is permitted.
FOR FURTHER READING:
CyberGuardian: a SecureTheVillage Guide for Residents is available on Amazon.
A complete Security Checklist is available: https://www.nerdsiview.com/security-checklist-2/
References for Village Residents are available at SECURE THE VILLAGE: https://securethevillage.org/residents
Cyber Smart, p. 206, 207 Bart McDonough, Wiley, 2019.