The FCC says new rules will curb SIM swapping. I’m pessimistic

Enlarge (credit: Getty Images | Panuwat Sikham)

After years of inaction, the FCC this week said that it’s finally going to protect consumers against a scam that takes control of their cell phone numbers by deceiving employees who work for mobile carriers. While commissioners congratulated themselves for the move, there’s little reason yet to believe it will stop a practice that has been all too common over the past decade.

The scams, known as “SIM swapping” and “port-out fraud,” both have the same objective: to wrest control of a cell phone number away from its rightful owner by tricking the employees of the carrier that services it. SIM swapping occurs when crooks hold themselves out as someone else and request that the victim’s number be transferred to a new SIM card—usually under the pretense that the victim has just obtained a new phone. In port-out scams, crooks do much the same thing, except they trick the carrier employee into transferring the target number to a new carrier.

This class of attack has existed for well over a decade, and it became more commonplace amid the irrational exuberance that drove up the price of Bitcoin and other crypto currencies. People storing large sums of digital coin have been frequent targets. Once crooks take control of a phone number, they trigger password resets that work by clicking on links sent in text messages. The crooks then drain cryptocurrency and traditional bank accounts.

Read 7 remaining paragraphs | Comments