Port-out scams involve the malicious transfer of a phone number, away from its current telephone company to another.
By using social engineering and other methods, cybercriminals gain access to mobile phone numbers, subsequently taking over the digital assets of the person it belongs to.
Shocking as it may seem, many phone company representatives require very little details about a person’s account, in order to initiate a porting out of the phone number. Some of that information can be publicly available, or be part of a large scale security breach, such as that of Equifax.
Losing one’s phone number to a hacker puts domain portfolios to immediate danger. No longer protected by two factor authentication, these domain portfolios can be stolen and transferred out.
We are aware of several cases that the method of port-out scamming was utilized, in order to hijack valuable domain names, one of which was the theft of 988.com.
To combat such incidents of unlawful porting of phone numbers, cellphone companies such as T-Mobile, now add an extra layer of protection; a dedicated PIN number, once added to the account, will have to be provided in order to port out the phone number.
Read more about T-Mobile’s protection layer against port-out scams.
This is the crux of the issue, and while TV and movies always show fictitious hackers using extreme digital skills to gain access to accounts, in reality it’s just some scammer from Africa calling your phone or internet company, giving them your name and address (which are freely available online), thereby gaining total access to your domain accounts through the insipid “forgot my password” function that auto-emails a password change link to your now-hacked email or a PIN code to your now-ported phone number.
The weak link is always the support personnel at your phone or internet company freely giving full access to scammers and phishers – the almost total lack of accountability is appalling. And the holidays are the optimal time to pull this scam as it’s tougher to get support to reverse the damage and it often goes unnoticed for longer. After my internet support freely gave control of my primary email to some scammer in Morocco (I noticed quickly and halted the damage) I now have alpha-numeric codes that need to be provided before anyone can change anything about my primary phone or internet accounts and everyone should do the same.
VM Freeman
DomainRecap.com
I just called my T mobile and got it done within 3 mins.
It seems like the only ID we have now to protect (for now) is our phone #
SS# is so obsolete.
Any inquiries about your info coming outside of USA especially from China and Russia should be blocked.
More robo calls ….this is the IRS and there is a lien agst you and we care coming for U…(Indian accent)…
Take a look at coincheck.com site–i bet it is an inside job that “stole” the money or sold the info to outsiders to hack the account.
My email got hacked and my godaddy info was changed and 2 factor added.My saving grace was that i got in touch with my godaddy account rep and he got that changed asap.The same hacker also went to verizon to try to change my number into another phone but lucky my wife got an alert and blocked that as she got an alert about the change.Phone companies like Verizon and others need step up and protect once anyone from accessing or ask for proof and other questions and hackers should be apprehended right away when they are there to carry out this acct.Another thing is ,phone companies hiring new employees should make sure they are not working as an insider to be able to change personal infos of their customers.If found guilty should be jailed for life,period.