AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks (theverge.com) 10
AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users.
SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features.
SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features.
Missing important attack detail (Score:3)
SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts
The missing step is, after obtaining your phone number, they attempt to transfer (port) your number to a new SIM which they control. Once the port is complete, they can then intercept SMS messages and use them to break in to your accounts. This is an important detail because the text makes it sound like they can snoop on your texts while you still have the use of your phone.
Protecting against unauthorized ports has been a thing for some time now, including at AT&T. Everyone should lock their SIM with their carrier unless they are in the process of switching carriers.
Re: (Score:3)
when criminals obtain a victim's phone number through social engineering techniques
Like every f*cking business demands that I put my phone number on checks, on-line forms and every other thing before they will do business with me.
Just use a credit card or phone pay, you say? They already have your phone number attached to your account and will hand it over to every merchant (or person claiming to be one) that asks.
My trick: The phone number I give out is a land line. Have fun uploading your crappy app to a Western Electric Model 2500. My cell phone does nothing but make voice phone call
Re: (Score:3)
Yep, I have a VOIP line for the exact same reason.
Unfortunately, there are some businesses you really need to give your cell number. It's not possible to keep it completely secret. So locking your account against porting is still a very, very good idea.
Re: (Score:3)
Re: (Score:2)
Everyone should lock their SIM with their carrier unless they are in the process of switching carriers.
Does this block an employee at AT&T or other carrier from porting your number to another SIM because of a bribe?
Re: (Score:2)
Nope. What is the relevance? If an employee will take a bribe, no security process will protect you.
Security tool runs on app ? (Score:2)
Re: Security tool runs on app ? (Score:2)
So they need to steal your phone and your lock code to get into the security app to unlock your account ?
If they have that, they don't need to sim swap.
Congratulations (Score:2)
What happens when your locked phone breaks? (Score:2)
You lock it down on the physical device itself. Then your phone gets destroyed, smashed, broken, otherwise unable to boot and work correctly. Now what? Is your number stuck on the broken phone? There is a piece to this puzzle we are missing.