FCC adopts new rules for wireless providers to rein in SIM swapping

Avatar

The Federal Communications Commission (FCC) has adopted new rules designed to stop the practice of SIM swapping.

The tactic involves convincing a target’s wireless carrier to transfer the victim’s service to a cell phone controlled by hackers, giving them access to passwords and other personal information. It has caused billions in losses and continues to be a go-to tactic for some of the most prolific hacking groups.

The FCC’s new rules, announced this week, will force wireless providers to “adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider.”

“The new rules require wireless providers to immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts, and take additional steps to protect customers from SIM swap and port-out fraud,” the FCC said.

“These new rules set baseline requirements that establish a uniform framework across the mobile wireless industry while giving wireless providers the flexibility to deliver the most advanced and appropriate fraud protection measures available.”

The rules adopted by the FCC are an update to the Customer Proprietary Network Information (CPNI) and Local Number Portability rules previously in place.

The FCC also asked for the public to reach out about other ways to stop SIM swap and port-out fraud — a similar scam where hackers pose as a victim and open accounts with another carrier under their name.

The bad actor then arranges for the victim’s phone number to be transferred — or “ported out” — to a new account controlled by the bad actor

The FBI said last year that Americans had lost more than $68 million to SIM-swapping attacks in 2021, a number that has been exponentially increasing since 2018 when the agency first began tracking this threat.

FCC chairwoman Jessica Rosenworcel said they are getting more and more complaints from consumers who have suffered losses due to SIM-swapping fraud and noted that the Department of Homeland Security has released reports on multiple gangs that have become experts at carrying out the scheme.

“We require wireless carriers to give subscribers more control over their accounts and provide notice to consumers whenever there is a SIM transfer request, in order to protect against fraudulent requests made by bad actors,” she explained.

“We also revise our customer proprietary network information and local number portability rules to make it harder for scam artists to make requests that get them access to your sensitive subscriber information. We take these steps to improve consumer privacy and put an end to SIM scams. Because we know our phones know a lot about us. They are an entry to our records, our accounts, and so much that we value.”

She added that the FCC earlier this year created the first-ever Privacy and Data Protection Task Force to address issues like SIM swapping and more.

NewsGovernmentTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Russian analysts point finger at China, North Korea over cyber activity

Next Post

More than 330,000 Medicare recipients affected by MOVEit breach

Related Posts

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments. "Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available
Avatar
Read More

Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
Avatar
Read More