One of the most devastating ways for a hacker to ruin your life is with a SIM swap attack. By hijacking access to your mobile phone number, the criminal can receive your text messages and potentially break into your Internet accounts.
But in good news, the Federal Communications Commission plans to begin a formal rule-making process to stop SIM swap attacks, citing the growing danger and complaints from the victims themselves.
“The FCC has received numerous complaints from consumers who have suffered significant distress, inconvenience and financial harm as a result of a SIM card swap and porterage fraud,” the commission said. “In addition, recent data breaches have exposed customer information that could potentially facilitate the realization of these types of attacks.”
SIM swap attacks occur when employees of U.S. cellular service providers are tricked or sometimes even bribed into making changes to your account. The hackers will pretend to be you and convince your carrier to transfer your cell phone number to their own smartphone.
To achieve this, the hacker may rely on information exposed during previous data breaches, which may reveal your date of birth, residential address, and in the worst-case scenario, your social security number. If the mobile phone provider falls for the trap, the company will transfer your phone number to a new SIM card that hackers can plug into their device.
The hacker can then use your mobile phone number to break into your internet accounts, as cell phone numbers are often used to receive password reset codes. This most famous happened to Twitter CEO Jack Dorsey in 2019.
“Once they’ve done that, they can use your phone number to hijack your inbound messages and easily perform the type of two-factor authentication checks that financial institutions and social media companies use,” he said. FCC Interim President Jessica Rosenworcel said in a statement. “They can also be used to take over your email and empty your bank accounts.”
In response, the FCC wants to tighten the rules on how carriers handle the transfer of mobile phone numbers. This will include requiring cellular service providers to securely authenticate a customer before porting a phone number to a new device or a separate mobile operator. “We also propose that operators immediately notify customers whenever a SIM card change or port request has been made,” said Rosenworcel.
However, the FCC has yet to define effective warranties, which could take various forms. For example, the FCC is seeking comments “on the requirement of up to 24 hours (or some other period) for SIM exchange requests while notifying the customer via SMS, email, via the operator’s app or other push notification, and request verification of the request.
“In addition, we are seeking comments on whether we should impose customer service, training and / or transparency requirements specifically focused on preventing SIM swap fraud,” said the FCC. “Anecdotal evidence suggests that in some cases customer service representatives are not trained on the procedures to be followed when dealing with customers who have been the victims of SIM swap fraud.”
As a result, the rule-making process will take some time and requires first asking for public comment before the FCC can finalize the proposed regulations and take a vote. In the meantime, consumers can consult the FTC or the FBI for advice on how to prevent the SIM card swap.