The Federal Communications Commission is warning cell phone service providers to ensure they protect their customers from cybercriminals who use fraudulent SIM swaps to take over victims’ cell phone accounts without their knowledge.
The warning follows a conclusion from the Cyber Safety Review Board (CSRB) announced in August. The board detailed the hacking group’s operations Slip of the tongue$known for using SIM swaps to extort victims around the world.
THE new review, released Monday by the FCC’s Privacy and Data Protection Task Force, indicates that SIM swap fraud is on the rise. It includes a reminder of updated requirements for telecommunications service providers to better protect consumer data.
SIM swappers seek to trick mobile operators into porting a victim’s phone number to a new device, which is then used for fraudulent activity. Fraudsters have figured out how to take advantage of lax multi-factor authentication practices, according to the CSRB, which has urged wireless carriers to stop using easily intercepted methods such as text messaging codes.
The updated FCC rules require carriers to do more to securely verify customer identities before linking phone numbers to new devices or carriers.
“Mobile phone service providers are high-value targets for cybercriminals and fraudsters because in many cases they are the primary way consumers today access their most important financial and personal information and most valuable,” Loyaan Egal, head of the FCC’s Bureau of Enforcement and chairman of the Privacy and Data Protection Working Group, said in a Press release.
The agency said carriers must promptly alert customers of account changes, including whenever a password, the customer’s response to “a carrier-designed fallback means of authentication” or other records are modified.
While not a SIM swap, an incident last week in which Verizon gave a woman’s stalker access to her data – including her address and phone records – highlighted the dangers of operators not protecting their customers. The incident, which took place first reported by 404 Media in collaboration with Court Watch, revealed that the stalker used a patently false search warrant to obtain the carrier’s records.
Future saved
Intelligence cloud.
No previous articles
No new articles
Suzanne Smalley is a reporter who covers privacy, misinformation and cybersecurity for The Record. She was previously a cybersecurity journalist at CyberScoop and Reuters. Earlier in her career, Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.