The Federal Communications Commission of the U.S.A. seeks to implement a legal obstacle to the common SIM swapping and port-out attacker TTPs that usually target banking clientele.
SIM swapping and port-out TTPs are basically 3rd party fraud techniques that include the (at least) tacit support from the telco side with the goal to hijack someone’s phone number and get access to two-factor authentication codes for financial services in particular
SIM-swapping and port-out fraud are similar types of scams that involve social engineering skills from the threat actor.
Typically, a fraudster with personal details about their target calls the victim’s cell phone carrier asking to transfer the service to a different device or another carrier.
If successful, all communication is directed to the attacker, including two-factor authentication codes, necessary for identity verification when logging into an account or for password reset procedures.
Unauthorized porting or port-out fraud is a variation of the same type of identity theft. Criminals use stolen information to transfer (port) the wireless phone number and account to another company.
As you can see, both scams involve the active contribution of someone working for or at least a bold negligence and carelessness by the telcos.
So if the FCC’s planmaking means that the tables will be turned on the telcos, the idea will work. If not, it won’t.
Be the first to comment on "SIM swap & Port-Out Fraud Techniques are Targeted by FCC"