FCC Enacts Stronger Rules to Protect Customers Against SIM Swap Attacks

Nov 17, 2023NewsroomFraud Prevention / Mobile Security

The US Federal Communications Commission (FCC) has adopted new rules aimed at protecting consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM swap attacks and port-out fraud.

“The rules help protect consumers from scammers who target data and personal information by surreptitiously swapping SIM cards to a new device or porting phone numbers to a new carrier without physical control of a consumer’s phone,” FCC SAYS this week.

While SIM swapping refers to transferring the user’s account to a SIM card controlled by the scammer by convincing the victim’s wireless carrier, port-out fraud happens when a bad actor, posing as a victim, transfers their phone number from one service provider to another without their knowledge.

Cybersecurity

The new rules, first proposed in July 2023requires wireless providers to adopt secure methods to authenticate a customer before redirecting a customer’s phone number to a new device or provider.

Another requirement ensures that customers are immediately notified when a SIM change or port-out request is made to their accounts so they can take appropriate action to prevent attacks.

SIM swapping has emerged as a serious threat, enabling threat actors such as LAPSUS$ and Scattered Spider to infiltrate corporate networks. Switching the service to an actor-controlled device gives attackers the ability to divert SMS-based two-factor authentication codes and take over victims’ online accounts.

“Because we often use our phone numbers for two-factor authentication, a bad actor who controls a phone can also control financial accounts, social media accounts, list,” said FCC Commissioner Geoffrey Starks.

“Consumers need to be able to rely on secure verification methods and reliable privacy guarantees from their wireless providers. And they need to go about their day without fear that someone, somewhere, might.” g can control their phone without a single warning sign.”

Cybersecurity

The development comes as the FCC says it is also launching an inquiry to understand the impact of artificial intelligence (AI) on robocalls and robotexts.

“AI will improve the analytics tools used to block unwanted calls and texts and restore trust in our networks,” the agency said. SAYS. “But AI could also allow bad actors to more easily deceive consumers through calls and text messages, such as using the technology to impersonate the voices of public officials or other credible origin.”

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment