WASHINGTON (AP) – On a Monday morning in May, I woke up and picked up my cell phone to read the news and read memes. But it was out of cell service. I couldn’t call or write.
However, that was the least of my problems.
Using my home Wi-Fi connection, I checked my email and received a notification that $20,000 was being transferred from my credit card to a random Discover Bank account.
I interrupted the transmission and reported the cell phone issues, but my nightmare was just beginning. Days later, someone was able to transfer $19,000 from my credit card to the same mysterious bank account.
I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It is a rare form of identity theft. New federal laws aimed at curbing port-out hijackings are being considered, but it’s unclear how far they will go in stopping the crime.
Port-out hijacking is more than just shoplifting, banking or credit card fraud. In this case, thieves take your phone number. Any calls or letters go to them, not you.
When a hacker loses access to your phone, the steps you’ve taken to protect your accounts, like two-factor authentication, can be used against you. It doesn’t help to have the bank send a text to confirm the transaction when the phone that receives the text is in the hands of someone trying to hack your account.
Even if you’re a tech savvy person who follows all the recommendations to protect your technology and data, it can still happen to you.
Experts say that these scams will only increase and become more complex, and data shows that they are increasing.
I’m not the most tech-savvy, but I’m a law school-educated accountant who specializes in financial reporting. Due to the nature of my online work, I was taught all the ways to stay safe online: regularly changing my passwords with multi-factor authentication, logging out of apps I don’t use them regularly and keep my information offline. .
However, even though I was safe, I was vulnerable to criminals. And it took a lot of time and work before I got my money and phone number.
The FBI’s Cybercrime Complaint Center reports that SIM swapping complaints have increased over 400% from 2018 to 2021, receiving 1,611 SIM swapping complaints with more than $68 million.
Complaints to the FCC about crime have doubled, from 275 complaints in 2020 to 550 reports in 2023.
Rachel Tobac, CEO of SocialProof Security, a cyber security company, says the crime rate is so high because so many identity thefts go unreported.
He added that two-factor authentication is a classic way to keep consumers safe, as it is possible to find anyone’s phone number, date of birth and social security number with any number of public or private databases on the web.
The ability of hackers to access personal information was highlighted again Friday when AT&T said data on nearly all of its customers was downloaded to a third-party platform in a security breach over the past two years. Although AT&T says no personal information has been exposed, cyber security experts have warned a breach involving mobile phone companies leaves customers vulnerable to SIM switching.
From now on, changing numbers from one phone to another is easy and can be done online or over the phone. The process takes less than a few hours as long as the hacker has your personal information.
While consumers need to be smart about having different passwords and security measures, consumers must “put pressure on companies where their job is to protect our data,” Tobac said.
“We need them to improve customer security protocols,” he said, since two-factor authentication is not enough.
FCC rules have recently changed to force companies to do more to protect consumers from this type of scam.
In 2023, the FCC introduced rules requiring phone providers to “enter into secure customer verification procedures before transferring a customer’s phone number to a new device or carrier” among other new rules. phone number to another phone – from requiring government identification, voice verification or other security questions.
The rules were scheduled to go into effect on July 8, but the FCC on July 5 issued a fine to phone companies delaying implementation until the White House Administration conducts another review.
The telecommunications industry had sought the delay, citing among other reasons that companies needed more time to comply. CTIA, which represents the companies, says the new rules will require major changes in technology and processes within wireless companies and in their dealings with phone manufacturers.
But if FCC rules were in place, my phone number would have been harder to steal, experts say.
Ohio State University professor Amy Schmitz said the FCC’s new rules make it easier for consumers to protect themselves, but it still depends on the actions and awareness of consumers.
“I’m wondering if consumers will realize this and take action to protect themselves,” he said.
It took ten days to get my number back from Cricket Wireless – and it wasn’t until I told the company representatives that I was writing a story about my experience.
During that time, the fraudster managed to access my bank account three times and finally successfully transferred $19,000 from my credit card – even though I removed my bank account number, by closed my credit, changed all my passwords, among other steps.
Bank of America worked to return the $19,000 phone after I visited a branch near the AP office in Washington.
Cricket apologized for the error and said in an email that “its focus is to provide a better customer experience.”
A statement from the company emailed to me reads: “Withdrawal fraud is a form of theft by sophisticated criminals. help prevent this type of crime.”
An AT&T representative told me in an email that “all carriers are working to implement the new FCC regulations regarding SIM swaps.”
I’m still not sure how this person got into my accounts, whether it was my social security number, phone number or date of birth, or maybe my recorded voice.
It’s been a hard lesson in how vulnerable we are when you lose control of our publicly available personal information.
#Whats #worse #thieves #stealing #bank #account #dont #steal #phone #number