WASHINGTON – One Monday morning in May, I woke up and picked up my phone to read the news and scroll through memes. But it was out of cell service. I was unable to make calls or text messages.
That, however, turned out to be the least of my problems.
Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unknown Discover Bank account.
I thwarted the transfer and reported the cell phone problems, but my nightmare was just beginning. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.
I was the victim of a type of fraud known as port hijacking, also called SIM swapping. It is a less common form of identity theft. New federal regulations intended to prevent port hijacking are under review, but it is unclear how far they will go in stopping the crime.
Portability hijacking goes one step further than hacking a store, bank or credit card account. In this case, thieves take over your phone number. Any calls or texts go to them, not you.
When your own phone access is lost to a criminal, the same steps you took to protect your accounts, like two-factor authentication, can be used against you. It doesn’t help for a bank to send a text message to verify a transaction when the phone receiving the message is in the hands of the same person trying to break into your account.
Even if you are a relatively tech-savvy individual and follow all recommendations on how to protect your technology and identity, this could still happen to you.
Experts say these scams will only increase and become more sophisticated, and data shows they are on the rise.
I’m not the person who understands technology the most, but I am a journalist with a degree in law and specialized in financial reporting. Due to the online nature of my work, I’ve learned all the methods to stay safe online: constantly changing my passwords with multi-factor authentication, logging out of apps I don’t use regularly, and keeping my personal information off the internet. .
Still, despite being safe, I was vulnerable to criminals. And it took a lot of time and legwork before I got my money and phone number back.
The FBI’s Internet Crime Complaint Center reports that SIM swap complaints have increased more than 400% from 2018 to 2021having received 1,611 SIM swap complaints with personal losses of over US$68 million.
Complaints to the FCC about crime have doubled, from 275 complaints in 2020 to 550 reports in 2023.
Rachel Tobac, CEO of SocialProof Security, an online security company, says the crime rate is likely much higher since most identity theft goes unreported.
She also says that two-factor authentication is an outdated way to keep consumers safe, since you can find anyone’s phone number, birthday, and social security number through any public or private database on the web. .
Thieves’ ability to obtain your personal information was clarified again on Friday when AT&T said almost all of its customers’ data was downloaded to a third-party platform in a security breach two years ago. Although AT&T claims no personal information was leaked, cybersecurity experts have warned that breaches involving phone companies leave customers vulnerable to SIM swapping.
From now on, changing your number from one phone to another is easy and can be done online or over the phone. The process takes less than a few hours, as long as the criminal has your personal information at hand.
While consumers need to be smart about having a variety of different passwords and protections, consumers need to “put pressure on companies where it’s their job to protect our data,” Tobac said.
“We need them to update consumer protection protocols,” she said, as two-factor authentication is not enough.
FCC rules were recently changed to force companies to do more to protect consumers from this type of fraud.
In 2023, the FCC introduced rules that require wireless providers “adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider,” among other new rules. Businesses may require more information when a customer tries to port a phone number to another phone – from requiring government identification, voice verification, or additional security questions.
The rules were scheduled to take effect on July 8, but the On July 5, the FCC granted telephone companies an exemption this delays implementation until the White House Office of Management conducts a new review.
The wireless industry had sought the delay, stating, among other reasons, that companies need more time to comply. The CTIA, which lobbies on behalf of the companies, said the new rules will require major changes in technology and procedures, both within the wireless companies and in their interactions with phone manufacturers.
But if FCC rules had been in place, my phone number would have been harder to steal, experts say.
Ohio State University professor Amy Schmitz says the FCC’s new rules make it easier for consumers to protect themselves, but they still depend on consumer action and awareness.
“I still question whether consumers will be aware of this and take steps to protect themselves,” she said.
It took me ten days to get my number back from Cricket Wireless — and that only happened when I told company representatives that I was writing a story about my experience.
During this time, the scammer was able to access my bank account three times and ended up successfully transferring $19,000 from my credit card – despite me removing my bank account number, freezing my credit, changing all my passwords, among other measures .
Bank of America worked to reverse the $19,000 transfer after I visited a branch near the AP’s Washington bureau.
Cricket apologized for the error and said in an email that its “expectation is to provide a much better customer experience.”
“Fraudulent transfers are a form of theft committed by sophisticated criminals,” says a company statement sent to me by email. “We have measures in place to help defeat them and we work closely with law enforcement, our industry and consumers to help prevent this type of crime.”
A T&The T rep told me via email that “all providers are working to implement the new FCC rules on portability and SIM swapping.”
I’m still not sure how this person gained access to my accounts, whether through my social security number, phone number, or date of birth, or possibly through a recording of my voice.
It was a hard lesson in how vulnerable we are when you lose control of our personal information that is so publicly available.
This story originally appeared on ABCNews.go.com read the full story
