Australian law requires only a date of birth and a customer name to transfer or ‘port’ a mobile phone number to a new provider.
Think about it – your date of birth and mobile number are often visible on social media and other places, making it easy for thieves to commit this crime.
AN EASY TARGET
Your mobile phone stores so much of your personal identity and connects criminals directly to your text messages and then your accounts. It’s a playground for criminals as soon as they get their hands on your phone number.
Current laws make it easy for criminals
SECURITY THEFT STARTS WITH YOUR MAIL
The data needed to request a phone port is a low barrier for savvy identity thieves.
An account number can be stolen by tricking employees of mobile phone providers.
'Social engineering' includes finding out your details through online phishing attacks - or by simply physically stealing mail from your letterbox.
YOU'RE ALWAYS BEING WATCHED
Thieves have probably been collecting information about you through social media, phishing emails, texts, tracking malware, or stealing from your letterbox, long before they try to port your phone.
Many people proactively advertise their information and activities to strangers to gain social popularity* – overestimating the effectiveness of electronic identity theft countermeasures.
* SOURCE: Furnell and Botha 2011
MAN IN THE MIDDLE ATTACK (MITM)
Despite new regulations that have been put in place, anecdotal experience had reported the problem is still happening.
The process includes a middle person (criminal) who will simultaneously be connected with you and with your telco.
Often times they call claiming you have been chosen to take advantage of a limited time offer.
They ask for your details and automatically send those details to the legitimate telco system. It is called MITM precisely because the criminal becomes a middle person between you and the telco.
If you fall victim to such calls, ask them for a case number. Make sure you personally hung up their call. Proceed to confirm directly with your Telco by giving 'Such case report'. If your telco confirms this was not legit, report immediately to scamwatch.