FCC reminds mobile phone carriers they must do more to prevent SIM swaps

Siva Ramakrishnan
The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims’ mobile phone accounts.

The Federal Communications Commission is warning mobile phone service providers to ensure they are shielding customers from cybercriminals who use fraudulent SIM swaps to take over unwitting victims’ mobile phone accounts.

The warning comes on the heels of a Cyber Safety Review Board (CSRB) finding announced in August. The board detailed the operations of the hacking group Lapsus$, which was known for using SIM swaps to extort victims worldwide.

The new advisory, issued Monday by the FCC’s Privacy and Data Protection Task Force, says SIM swap fraud is increasing. It includes a reminder of updated requirements for telecommunications service providers to better guard consumer data.

SIM swappers seek to dupe mobile carriers into transferring a victim’s phone number to a new device, which is then used for fraudulent activity. Scammers have figured out how to take advantage of lax multifactor authentication practices, according to the CSRB, which urged mobile operators to move away from using easily intercepted methods like text-message codes.

The updated FCC rules mandate that carriers do more to securely verify customers identities prior to linking phone numbers to new devices or carriers.

“Cell phone service providers are high-value targets for cybercriminals and scammers because in many instances they serve as the primary means consumers use today to access their most important and valuable financial and personal information,” Loyaan Egal, FCC Enforcement Bureau Chief and chair of the Privacy and Data Protection Task Force, said in a press release.

The agency said carriers must quickly alert customers of account changes including whenever a password, customer response to “a carrier-designed back-up means of authentication,” or other records are altered.

While not a SIM swap, an incident last week in which Verizon gave a woman’s stalker access to her data — including her address and phone records — underscored the dangers of carriers failing to protect customers. The incident, which was first reported by 404 Media in conjunction with Court Watch, revealed that the stalker used a blatantly fake search warrant to obtain the records from the carrier.

TechnologyCybercrimeBriefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 

Total
0
Shares
Previous Post

UK government risking ‘catastrophic ransomware attack,’ parliamentary report warns

Next Post

White House cyber director confirmed in Senate

Related Posts

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National
Avatar
Read More