SIM swapping is an infamous type of scam in which a cybercriminal takes over your mobile phone account to port your number to another phone or carrier. Now Google Fi is offering its customers an extra level of protection to guard against such account takeovers.
Describing its Number Lock feature in a new support page spotted by 9to5Google, Google called it an additional layer of protection against illegal SIM swaps and an option offered to Google Fi customers at no extra cost. With Number Lock enabled, no one can transfer your number to another phone or port it to another carrier.
Also: Multi-factor authentication: How to enable 2FA and boost your security
To enable Number Lock, sign into your account at the Google Fi website. Go to “Phone settings” and select “Privacy & security.” Under the setting for “Number lock,” select the option for “Sign in to manage Number lock.” Enter your username and password again and then turn on the switch for “Number lock.” To disable it, simply follow the same steps and turn the Number lock switch back to Off.
With the prevalence of mobile phones, SIM swapping has become a popular tactic used by scammers who can target any user. As described on another Google support page:
“SIM swapping happens when someone is able to steal your phone number by convincing your carrier to port your phone number over to a SIM card they own. For example, someone may call your carrier, pretend to be you, and convince your carrier that you have lost your phone and need to move your number to a new phone.”
To protect a Google Fi account or any mobile account from SIM swapping, your best bet is to set up two-factor authentication. In that event, the scammer shouldn’t be able to access your account without that second form of verification. However, the type of 2FA you choose makes a big difference.
The least secure method is standard SMS authentication in which a text message is sent to your mobile phone with a code that you must confirm. For example, if you need to sign into the Google Fi app or website, you’ll be prompted to accept a security request on your phone.
The problem with an SMS message is that cybercrooks can intercept or otherwise capture that text, thereby stealing the code and pretending to be you. And some criminals are going even further. In one series of cases, scammers offered money to former employees at T-Mobile and Verizon to help them pull off SIM swaps.
The more secure and preferred authentication methods are an authenticator app and a physical security key. With a program such as Google Authenticator or Microsoft Authenticator, the app displays a code number that changes every 30 seconds, which you must enter or verify to sign in. A security key is even more secure as it requires physical access to allow you to sign into a supported account.
Also: Microsoft’s latest Windows 11 security features aim to make it ‘more secure out of the box’
Worried about the increase in SIM attacks, the FCC has been pushing wireless carriers to better protect their customers against SIM swaps and port-out fraud. Based on new FCC rules issued last November, carriers must offer secure methods to authenticate a user before redirecting their phone number to a new device or provider. Further, carriers must notify customers immediately whenever a SIM change or port-out request is made on their accounts.
Source: Robotics - zdnet.com