The Federal Communications Commission (FCC) in the United States is implementing new regulations designed to safeguard consumers against cell phone account scams, particularly those facilitating SIM-swapping attacks and port-out fraud orchestrated by malicious actors.
The FCC announced this week that the introduced rules are intended to shield consumers from scammers who exploit vulnerabilities to surreptitiously switch SIM cards to a new device or transfer phone numbers to a different carrier without physical possession of the consumer’s phone.
SIM swapping involves transferring a user’s account to a SIM card controlled by the scammer, often through deceptive means with the victim’s wireless carrier. On the other hand, port-out fraud occurs when a malicious actor, impersonating the victim, moves their phone number from one service provider to another without the victim’s knowledge.
These new regulations, initially proposed in July 2023, mandate wireless providers to implement secure authentication methods for customers before redirecting a phone number to a new device or carrier. Additionally, the rules stipulate that customers must receive immediate notifications whenever a SIM change or port-out request is initiated on their accounts, empowering them to take swift action against potential attacks.
SIM swapping has become a significant threat, allowing threat actors like LAPSUS$ and Scattered Spider to infiltrate corporate networks. By transferring the service to a device controlled by the attacker, they gain the ability to divert SMS-based two-factor authentication codes, potentially compromising victims’ online accounts.
FCC Commissioner Geoffrey Starks emphasized the importance of consumers relying on secure verification procedures and robust privacy guarantees from their wireless providers. He highlighted the pervasive use of phone numbers for two-factor authentication, emphasizing the potential consequences if a bad actor gains control of a phone.
In parallel with these measures, the FCC is launching an inquiry to examine the impact of artificial intelligence (AI) on robocalls and robotexts. The agency recognizes the potential of AI to enhance analytics tools for blocking unwanted calls and texts, thereby restoring trust in communication networks. However, the inquiry also aims to assess the risks associated with AI, such as enabling bad actors to defraud consumers through advanced techniques, such as mimicking voices of public officials or other trusted sources.
CyberSec84 | Cybersecurity news. 
Leave a comment