number port-out scams

May 18, 2018

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

This post was originally published on this siteT-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate. Earlier this month, KrebsOnSecurity heard from Paul Rosenzweig, […]
August 1, 2018

Reddit Breach Highlights Limits of SMS-Based Authentication

This post was originally published on this siteReddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. In a post to Reddit, the social news aggregation platform said it learned on June 19 that between June 14 and 18 an attacker compromised a […]
August 7, 2018

Florida Man Arrested in SIM Swap Conspiracy

This post was originally published on this sitePolice in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher, an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering. Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have […]
September 12, 2018

U.S. Mobile Giants Want to be Your Online Identity

This post was originally published on this siteThe four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Tentatively dubbed “Project Verify” and still in the private beta testing phase, the new authentication initiative is being pitched as a way […]