TSB customers have noted a marked increase in the occurrence of “port-out” fraud in the month of May. This type of fraud involves using a ported telephone number to gain access to unsuspecting victims’ bank accounts.
When engaging in port-out fraud, the fraudster will convince the mobile telephone service provider to move the victim’s number to a SIM card. The fraudster controls this SIM card and then uses it to access the text messages that would otherwise go to the victim. Once the fraudster is able to intercept text messages, he or she can take advantage of password reset services, two-factor authentication practices, and other similar practices in order to gain access to the victim’s online bank accounts, credit card information, and other financial data.
What is Number Porting?
Number porting is not, in and of itself, a bad thing. It is a legitimate service that telecommunications providers offer to their customers. Using number porting, a customer can switch service providers without losing his or her phone number. The old number is simply ported to the new device and/or data network provider. To facilitate this, the old service provider gives the customer a code known as a Porth Authorisation Code (“PAC” for short). The PAC is used to complete the port.
This service was implemented in response to a law passed nearly 15 years ago; the aim of the law was to prevent consumers from being “locked in” to a certain service provider for fear of losing their phone number.
Sadly, fraudsters have discovered that port-out fraud can be very lucrative. As a result of this type of fraud, many people have suffered significant financial loss. One such customer ended up losing £6,000 after a fraudster used the customer’s number and transferred it to a new SIM card.
The Timing of the Port-Out Fraud Increase
Recently, TSB updated its computer systems. An unintended effect of this was to lock 1.9 million users from their accounts. Fraudsters have taken advantage of this to target customers and engaging in phishing and smishing tactics. These tactics allow the fraudsters to then attempt port-out fraud.
There are a few things you can do in order to help reduce your chances of falling victim to port-out fraud.
- PAC Code Notifications If you unexpectedly receive a notice regarding a PAC request, you should contact your service provider right away. Inform them of the situation, and then call your financial institutions to keep them updated.
- Clicking on Links or Downloading Files: If you are not expecting an email or a text with a link in it, don’t click on anything in an unsolicited communication. This includes communications that appear to come from a legitimate source such as your bank.
- Password or PIN Requests: Your bank will never contact you to ask for your password or PIN number. Likewise, a request to move money to a different account is likely a fraudulent request.
- SIM Swapping: Port-out fraud is not the same as SIM swapping. Although they are similar, a SIM swap involves fraudulently obtaining a new SIM card which provides access to the victim’s accounts.
Here at AGT Computer Services Ltd. offer free security reviews of your business and devices - get in touch on 01253 808 472 if you would like toset up an appointment.