It happened again. For the fourth time in the past six months, somebody contacted my mobile service provider claiming to be me, ordered a replacement SIM and ported my number to a new device.
Judging from a quick search online, I can see that I am not the only victim of this scam. All that is needed is a full name, mobile number and date of birth, and the fraudsters have all the verification needed to take charge of my mobile account. Once they have control, they can intercept any ‘two-factor’ authentication running via my phone (including internet banking) and take advantage of the info stored on my account (address, billing details).
The first thing that happens is that service appears to be down, so that you receive an ‘emergency calls only’ signal message. In some cases the scammers even send a text message prior to porting the number with a false indication that ‘service will be intermittent for the next 24 hours’ (this buys them time to conduct the scam). Once you work all this out, they have normally gone to work on stealing your details.
The fallout is that everything connected to your mobile needs to be changed, and you may need to chase down any stolen money or expenses. It can be a frustrating and time-consuming mess.
After the first time this happened, I was keen to make sure it didn’t occur again and added a PIN to my account as an additional security measure. I’m certain that no one else can obtain this number, so I was surprised when the same problem occurred THREE more times. Obviously something was going on, so I tried to ‘hack’ my own account online. As you can see from the screen grab below, it was all too easy to replicate the scam, as the staff never ask for my PIN.
I’ve raised the issue with my telco before, and each time the failure to ask for my PIN has been blamed on staff training. Whatever the case, I think it’s too simple to hack a mobile account for the purpose of porting a number to a different device, especially when two-factor mobile authentication has become a fairly standard security protocol.
But I’d like to know what you think. So, am I an easy target or should my mobile provider be doing better?