Important Member Alert: Mobile Phone Port-Out Scams

Fraudsters are impersonating mobile phone users to have phones transferred to a different carrier – effectively stealing the user’s mobile phone number. This is being coined as a port-out scam. Once transferred to a different carrier, the fraudster receives all calls and texts that were intended for the user – including those that can be used to takeover a member’s account via online banking. Fraudsters have successfully intercepted one-time passcodes used to authenticate members logging into their account or to initiate transactions within online banking.

How can you prevent this scam from happening to you?  You can place a “port validation password” on your mobile phone account to help prevent having your phone fraudulently transferred to a different carrier.

Call your wireless carrier and ask for PIN authentication for your accounts. Sprint requires customers to create a PIN when they open a new account. Here’s what to do with the other major carriers.

  • AT&T: Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on “manage extra security.”
  • T-Mobile: Call 611 from your cellphone or (800) 937-8997 to speak with customer service.
  • Verizon: Visit vzw.com/PIN or call (800) 922-0204.

Scam Levels and Details

Mobile phone users switch carriers for a variety of reasons, and can carry their phone number with them to the new carrier. Meanwhile, fraudsters are exploiting this capability by impersonating mobile phone users to have the mobile phones ported to a different carrier. The fraudsters harvest the user’s personally identifiable information and use this information to impersonate users in having the mobile phones transferred to a different carrier.

The port-out scam can take place at a wireless store or online, but in both cases, the imposters have enough information to convince the phone company that they are who they claim to be and have that person’s phone service transferred to their mobile device.

“And with a smartphone, if you’re on Wi-Fi, everything’s going to work except the actual calling and texting, so you may not even notice right away that something’s wrong with your phone — which can give the scammers a few hours of lead time,” said Katherine Hutt, director of communications for the Council of Better Business Bureaus. “If that ever happens, if you can’t make calls or receive calls, immediately contact the phone company and see if your number has been ported.”

Online Banking Fraud: A fraudster often ports a user’s mobile phone to a different carrier after the fraudster has stolen the user’s account login credentials. This could increase the risk of account takeovers through online banking, which involves sending a one-time-passcode via text message for login attempts as well as to validate transactions initiated within online banking. Members must enter the one-time-passcode to complete the login or transaction. By transferring a member’s mobile phone to a different carrier, the fraudster would receive the one-time-passcode intended for the member.

Card Fraud: This scam could also result in fraudulent transactions using credit and debit cards. A fraudster, who has ported a cardholder’s mobile phone to a new carrier, could use a counterfeit or stolen credit or debit card belonging to the cardholder to conduct fraudulent transactions. If a card processor’s fraud management system detects a suspicious transaction, a fraud analyst could attempt to contact the cardholder to confirm the legitimacy of the transaction by calling the cardholder’s mobile phone. However, the call is made to the fraudster who confirms the transaction as legitimate.

Card fraud could be worsened when, after confirming a suspicious transaction as legitimate, the card is suppressed for a period of time – usually seven days. It is common practice for card processors to suppress a card when the fraud management system identifies a suspicious transaction that a cardholder confirms is legitimate. When a card is suppressed, transactions on the card are not monitored by the fraud management system.

Email Fraud: Many public email service providers also offer out-of-band authentication using one-time passcodes that are sent via text message to user’s mobile phones. This could easily lead to a compromise of a member’s personal email account after a fraudster ports the member’s mobile phone to a different carrier.

Read more about mobile port-out scams from NBC News.

If at any time you feel any of your First Financial accounts may have been compromised in a similar scam, contact our Member Relationship Center right away at 732.312.1500. If your First Financial credit or debit cards were compromised in a scam, call the 24/7 toll-free number on the back of your card to report the incident and replace your card. All important phone numbers for members can be found on our website: https://www.firstffcu.com/contact-us.htm

Article Source: CUNA Mutual Risk Alert, and Herb Weisbaum for NBCNews.com

 

How to Protect Your Mobile Phone from Scammers

Keep your cell phone number to yourself. “The new Social Security number … is your cell number,” said Thomas Martin, president of Martin Investigative Services and author of “Seeing Life Through Private Eyes.” Your smartphone “is a gateway to your living room to your bedroom, to your life.”

Beware of text messages. Scammers may send text messages that look as if they come from a legitimate source, like a bank, a practice known as smishing. It could be an offer for a coupon, a free gift card, or a text that says you won a prize.

The link could direct you to a website where you’ll be tricked to share your personal information or one that can install malware on your phone. A hacker can try to encourage you to download an application that can compromise your phone. Don’t click on a text!

Make sure you update your phone’s operating system. It will make it harder for a hacker to exploit your smartphone’s software. “Attackers just need to find one way in,” said Janne Lindqvist, an assistant professor of electrical and computer engineering at Rutgers University in New Brunswick. “It could be malicious apps that are exploiting a vulnerability that hasn’t been patched yet.”

Once opened, a hacker could read text messages and emails, have access to passwords or take over your mobile phone.

Protect your smartphone with a passcode. (And don’t make it something unsecure, like 1234.) “You should make sure if someone steals your phone, they can’t unlock it right away,” Lindqvist said.

Activate your smartphone’s tracker, such as Find My Phone, and the ability to wipe your phone remotely. If someone takes it, you’ll have a way to track it down or delete your data.

Control your risk. Try not to share a mobile phone number. Lindqvist only uses his cell phone to make calls or send texts. ”

If you think you are the victim of a scam, don’t wait until it’s too late! Be sure to enroll in First Financial’s Identity Theft Protection Program from Sherpa today. The best part? You can enroll right online, 24/7. You can trust in First Financial and Sherpa to help keep your personal information protected. Packages begin at just $5.99 per month – so click here to enroll today!

Article Source: David P. Willis for the Asbury Park Press, http://www.app.com/story/money/business/consumer/press-on-your-side/2017/07/21/heres-how-protect-your-mobile-phone/489922001/