Cell phone porting
What is a cell phone porting or port-out scam?
Porting allows customers to take their phone number with them when they change phone carriers. A scammer finds out your name and phone number and then attempts to gather as much personal identifiable information (PII) as possible about you. PII includes name, address, Social Security number (Social Insurance number in Canada), date of birth, and other information that can be used for identity theft.
They then will contact your mobile provider, impersonating you, and inform them that your phone was stolen and request the number be “ported” with another provider and device. Once they have your number ported to a new device they can then start accessing and gaining entry to accounts that require additional authorization in terms of a code texted directly to your phone for security verification. Those added security measures are usually in place on accounts provided by email providers, social networks, tax preparation software, and even financial institutions. You may then notice loss of access to important accounts as the attacker changes passwords, steals your money, and gains access to other pieces of your personal information.
- Inquire with your wireless provider about port-out authorization. Every major wireless has some sort of additional security for accounts or for port-out authorization that customers can set up, like a unique pin, or add verification question, which will make it more difficult for someone to port-out your phone. Contact your mobile provider and speak to them specifically about porting and/or port out security on your account
- Watch out for unexpected “Emergency Calls Only” status. Call your mobile phone company if your phone suddenly switches to "emergency call service only" or something similar. That's what happens when your phone number has been transferred to another phone.
- Be vigilant in about communications you receive. Watch out for phishing attempts, alert messages from financial institutions, texts in response to two-factor authorization requests.
- Don't link your mobile number to online accounts. Once hackers steal your phone number, they leverage it to reset the password on any online account that’s linked to the number. In many cases, this bypasses two-factor authentication. That’s why having control of a phone number is so powerful. If possible, you should remove your phone number from any account that could interest hackers. You can still link a type of phone number to those accounts, but we suggest using a VoIP number, such as a Google Voice number, that is SIM hijack-proof. Of course, you must protect this number as well, using a unique password, two-factor authentication on the account, and making sure it doesn’t expire if you don’t use it regularly.