One way scammers can get hold of your details is by having your mobile number transferred from your device to one they control – a strategy known as mobile porting or phone porting.
Once they’ve successfully taken ownership of your number, they’re able to receive your text messages, including any that contain password resets and verification codes. This allows them to access your online accounts, whether it be banking, email, superannuation, social media or government portals such as myGov.
No prizes for guessing their next step: stealing your identity and your money.
How do mobile porting scams work?
Scammers can reassign your mobile number to their own device in two ways:
- Unauthorised porting: The scammer contacts a different telecommunications provider to the one you currently use and asks them to set up a new account, transferring your number from your current provider.
- Unauthorised SIM card swap: The scammer contacts your existing provider and asks them to activate a new SIM card with your number.
Though telecommunications providers must verify your identity before transferring your mobile service, the information they ask for can be as simple as your name, mobile number, email or date of birth – all of which can be easy for scammers to find online.
Know the warning signs
According to IDCARE, Australia and New Zealand’s national identity and cyber support service, if a scammer is attempting an unauthorised port or SIM card swap, you’ll receive an SOS message on your mobile, indicating a loss of phone coverage or reception.
Other warning signs include not being able to log into your online accounts, because a scammer has reset your passwords. Or, you start receiving welcome emails from a new telecommunications provider, or alerts from your financial institution about changes to your account.
Stay safe
IDCARE recommends taking the following precautions to protect yourself from mobile porting scams:
- Use multi-factor authentication wherever possible, including using authenticator apps, touch ID, Face ID or biometrics as part of account access requirements.
- Download your banking app onto your mobile device; many of these allow you to temporarily freeze your accounts and cards.
- Check if your financial institution has multi-factor authentication options that don’t rely on using your mobile number for security codes.
- Make a list of accounts that send text messages to your mobile.
- Clear all email folders regularly.
- Never provide personal details over the phone to unsolicited callers.
- Don’t click on links in emails or text messages unless you’ve verified the source.
Where to get help
If you think someone has taken control of your mobile number:
- Contact your bank immediately
- Seek support from services such as IDCARE
- Report the incident to ScamWatch
- You can contact us on 132 888 Monday to Friday 8:00am-8:00pm and Saturday 9:00am-2:00pm AEST/AEDT or our Fraud Bureau service who are available 24/7 on +61 2 8299 9534.