When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot be desired, a study finds
Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found.
SIM swapping attacks, also known as port-out or SIM swap scams, have been a serious and growing problem of late, with its victims including Twitter CEO Jack Dorsey. It has previously been shown that attackers can, with relative ease, execute these attacks to commandeer control of people’s phone numbers. From there, they can break into the victims’ banking, social media and other accounts that use the same phone number for multi-factor authentication.
To test the carriers’ resilience to this type of fraud, the researchers created 10 simulated identities with all the bells and whistles, including names, dates of birth, and addresses. For each identity, they registered a prepaid account with all five wireless carrier providers, totaling 50 phone numbers. They then created a trail of phone calls and text messages, giving the accounts an aura of credibility.
Research assistants (RAs) then went on to pose as bad actors and called in the companies’ customer support representatives, trying to hoodwink them into unwittingly completing successful SIM swap fraud. If the “scammers” weren’t able to provide correct responses to the authentication challenges, they would feign ignorance and intentionally provide false answers. This hardly mattered in the end, however.
major wireless carriers vulnerable swapping attacks
