Technology FCC adopts new rules for wireless providers to rein in SIM swapping

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,480
The tactic involves convincing a target’s wireless carrier to transfer the victim’s service to a cell phone controlled by hackers, giving them access to passwords and other personal information. It has caused billions in losses and continues to be a go-to tactic for some of the most prolific hacking groups.

The FCC’s new rules, announced this week, will force wireless providers to “adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider.”

“The new rules require wireless providers to immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts, and take additional steps to protect customers from SIM swap and port-out fraud,” the FCC said.

“These new rules set baseline requirements that establish a uniform framework across the mobile wireless industry while giving wireless providers the flexibility to deliver the most advanced and appropriate fraud protection measures available.
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
965
Just now? SIM swapping was never a thing here in Europe. I literally never heard someone's number was taken over because of strict privacy laws. Here you can't even get a SIM card over the phone; you can only get it by visiting the carrier store. Even when contacting customer service for basics, they'll ask you a million things to verify it's just you.

I remember, few years ago when I was still on prepaid. I sent the SMS for activation of internet package, and I accidentally did it twice; so I paid two times. Called the customer service and I was surprised as they asked me when was the last time I topped up the balance, with how much and what is my current prepaid balance.
 

SimeonOnSecurity

New Member
Oct 26, 2023
6
We will see how it plays out. But regardless of regulations, people are always going to be the weakest link. Companies already were trying to prevent sim swapping, but it still happens.
SIM swapping isn't one of the easiest attacks. You'd have to research the person you're trying to swap SIMs on. You'd know the answers to basic security questions and likely their full SSN.
So unless they make it mandatory to do it in person with ID and have to verify you have access to the original number or card on the account in person, I don't see a good way to prevent this issue moving forward.
You can mitigate things for yourself by not using the number associated with your SIM at all, using solely VOIP numbers and using 2FA and randomly generated passwords to access those accounts.
Or, if that isn't an option, use random information for the answers to your security questions and a service like Privacy.com to ensure that no one is going to steal that card info from any other service.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top