In the News

FCC unveils its methods to stop SIM swapping scams and robocalls

Oct 1, 2021 Tech Radar

The FCC is taking the fight to scammers

The Federal Communications Commission (FCC) has laid out its plans to stop both SIM swapping attacks and robocalls in an effort to protect US smartphone users from fraud and identity theft.

For those unfamiliar, SIM swapping is a technique used by an attacker in which they convince a mobile carrier to transfer a victim’s phone number from their SIM card to one they own and control. Once in control of a victim’s number, the attacker can receive two factor authentication (2FA) messages to take over their online accounts.

The FCC’s Notice of Proposed Rulemaking puts forward a number of ways to address SIM swapping  such as amending the Customer Proprietary Network Information (CPNI) and Local Number Portability rules so that mobile carriers would have to authenticate that a customer really is who they say the are before redirecting their phone number to a new SIM card or device. At the same time, the notice proposes requiring mobile carriers to immediately notify customers whenever a SIM change or port request is made on their accounts.

In addition to SIM swapping, these new changes will also address port-out fraud which occurs when an attacker poses as a victim and opens an account with another carrier in their name. They then arrange for the victim’s phone number to be transferred or “ported out” to the account with the new mobile carrier which they control.