Fraudsters are impersonating mobile phone users to have phones transferred to a different carrier – effectively stealing the user’s mobile phone number. This is being coined as a port-out scam. Once transferred to a different carrier, the fraudster receives all calls and texts that were intended for the user – including those that can be used to takeover a member’s account via online banking. Fraudsters have successfully intercepted one-time passcodes used to authenticate members logging into their account or to initiate transactions within online banking.
How can you prevent this scam from happening to you? You can place a “port validation password” on your mobile phone account to help prevent having your phone fraudulently transferred to a different carrier.
Call your wireless carrier and ask for PIN authentication for your accounts. Sprint requires customers to create a PIN when they open a new account. Here’s what to do with the other major carriers.
- AT&T: Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on “manage extra security.”
- T-Mobile: Call 611 from your cellphone or (800) 937-8997 to speak with customer service.
- Verizon: Visit vzw.com/PIN or call (800) 922-0204.
Scam Levels and Details
Mobile phone users switch carriers for a variety of reasons, and can carry their phone number with them to the new carrier. Meanwhile, fraudsters are exploiting this capability by impersonating mobile phone users to have the mobile phones ported to a different carrier. The fraudsters harvest the user’s personally identifiable information and use this information to impersonate users in having the mobile phones transferred to a different carrier.
The port-out scam can take place at a wireless store or online, but in both cases, the imposters have enough information to convince the phone company that they are who they claim to be and have that person’s phone service transferred to their mobile device.
“And with a smartphone, if you’re on Wi-Fi, everything’s going to work except the actual calling and texting, so you may not even notice right away that something’s wrong with your phone — which can give the scammers a few hours of lead time,” said Katherine Hutt, director of communications for the Council of Better Business Bureaus. “If that ever happens, if you can’t make calls or receive calls, immediately contact the phone company and see if your number has been ported.”
Online Banking Fraud: A fraudster often ports a user’s mobile phone to a different carrier after the fraudster has stolen the user’s account login credentials. This could increase the risk of account takeovers through online banking, which involves sending a one-time-passcode via text message for login attempts as well as to validate transactions initiated within online banking. Members must enter the one-time-passcode to complete the login or transaction. By transferring a member’s mobile phone to a different carrier, the fraudster would receive the one-time-passcode intended for the member.
Card Fraud: This scam could also result in fraudulent transactions using credit and debit cards. A fraudster, who has ported a cardholder’s mobile phone to a new carrier, could use a counterfeit or stolen credit or debit card belonging to the cardholder to conduct fraudulent transactions. If a card processor’s fraud management system detects a suspicious transaction, a fraud analyst could attempt to contact the cardholder to confirm the legitimacy of the transaction by calling the cardholder’s mobile phone. However, the call is made to the fraudster who confirms the transaction as legitimate.
Card fraud could be worsened when, after confirming a suspicious transaction as legitimate, the card is suppressed for a period of time – usually seven days. It is common practice for card processors to suppress a card when the fraud management system identifies a suspicious transaction that a cardholder confirms is legitimate. When a card is suppressed, transactions on the card are not monitored by the fraud management system.
Email Fraud: Many public email service providers also offer out-of-band authentication using one-time passcodes that are sent via text message to user’s mobile phones. This could easily lead to a compromise of a member’s personal email account after a fraudster ports the member’s mobile phone to a different carrier.
If at any time you feel any of your First Financial accounts may have been compromised in a similar scam, contact our Member Relationship Center right away at 732.312.1500. If your First Financial credit or debit cards were compromised in a scam, call the 24/7 toll-free number on the back of your card to report the incident and replace your card. All important phone numbers for members can be found on our website: https://www.firstffcu.com/contact-us.htm
Article Source: CUNA Mutual Risk Alert, and Herb Weisbaum for NBCNews.com