The advancement of internet technologies has shifted us from traditional communication to digital communication. Communication changed from letters to voice communication after Graham Bell invented the telephone. Mobile phones replaced landlines and smartphones replaced mobile phones. Internet communication like social media has replaced cellular communication. However, cellular communication is still being used widely for multiple purposes. The users consider cellular communication safe and secure than social media. However, mobile privacy and mobile phone communication can also be hacked due to multiple reasons. This article will discuss everything related to mobile number takeover or phone number takeover.
Have you ever faced these situations?
- Not receiving any call or text message on mobile number.
- Received an error message when trying to make a phone call.
The above situations are a sign of a mobile number takeover and your mobile number is being used by someone else. Mobile number takeover is a common issue that can help hackers to access our mobile accounts, social media accounts, and other online accounts. Many companies provide services through digital platforms like banking that depend on mobile number communication. For multiple purposes, the company sends Code, Temporary PIN, or OTP (One Time Password) to the mobile number. Phone number takeover can result in communication loss and hackers can access our sensitive communication that can be used in cybercrime activities. It allows the hacker to take full control of our bank accounts, online accounts like shopping, and social media accounts.
How Mobile Number Takeover can Happen?
Mobile number security has become highly important as mobile numbers are directly associated with banks, crypto networks, and social media accounts. Hackers have devised multiple methods to access the cellular communication of the users. For example, hackers have accessed cellular communication of users to hack secret codes, OTPs, and PIN details. These methods include SIM cloning, SIM jacking, call forwarding, and SIM swap (Rafter, 2021).
SIM cloning is amethod for mobile number takeover that requires physical access to a SIM card. The SIM card is used to create a copy of the SIM card using cloning software. The cloning software copies the unique identifier number of the SIM card to a new bland SIM card. The newly created or cloned SIM can access full communication controls including two-factor authentication codes. However, this method does not block communication with the user’s mobile number as it happens in sim swapping or call forwarding methods (Bales & Kessem, 2019).
SIM jacking is another method for accessing someone’s cellular communication. In this method, the hacker sends a malicious or spam link to the victim. If the user clicks the link, it allows a hacker to spy on the victim’s text messages, calls, location, etc. This method does not takeoverthe mobile number, but it can expose users’ sensitive information to hackers.
The cellular mobile services include a service known as ‘Call Forwarding’ or ‘Call Diverting’. The users are provided this feature to forward or divert their communication to another number. The call forwarding service is provided by every cellular provider and users can access this feature from Phone settings or Call Settings. The following image shows Call Forwarding settings in an iPhone mobile.
Figure 1: Call Settings (CERN, n.d.)
However, a call forwarding service can be misused by the user to divert calls to another number or someone change your call forwarding settings secretly. It is highly recommended to carefully use call forwarding settings and not allow other people to access and change your call forwarding settings.
Call forwarding or diverting settings can also be changed by requesting cellular network providers. The users have to make a phone call to request call forwarding and they will verify the user’s information. Hackers misuse this service to takeover mobile numbers for their intents. This process is known as SIM Swapping.
SIM swapping, hijacking, hacking, smishing, or port hacking is a cybercrime technique where hackers convince cellular network providers to divert a user’s call to his number. As discussed earlier, the call forwarding service can be activated using a mobile phone or requesting network provider. The hacker collects the user’s personal information like full name, date of birth, social security number, address, and family details. This data can be collected from social media, shared with friends, personal connections with victims, or obtained from dark webs. The hacker will contact the cellular network provider and convinces them to assign the victim’s mobile number to his number. The network service center will request some details for the user’s verification and the hacker had already accessed the personal details of the victim. After successful sim swapping, a hacker can access the communication of the user. The hacker can read and write text messages and make or receive phone calls. Now hackers can easily change the passwords of digital accounts and access them (Bales & Kessem, 2019).
Port-out is a service provided by cellular companies to shift from one cellular service provider to another service provider. For example, user purchased a SIM card from a cellular company A and wanted to switch to cellular company B, the user can request for port-out. Like SIM swap, this method also requires the personal details of the supposed victim. The hacker will request the service provider to portout the user’s number to a new network. If successful, the hacker will use a new SIM card of the new network. Using this SIM card, hackers can access the communication of the victim. The user will completely lose services on phone, receive a message that the sim is either blocked or ported and can make only emergency calls. Moreover, the mobile phone will not recognize ported sim card (Šimkevičiūtė, 2022).
How to Protect Yourself from Phone Number Takeover Scams
Mobile users are always concerned regarding the security of their personal, social, and financial details. The digital environment requires high security to reduce cybersecurity and hacking attempts. As mobile banking and cryptocurrency trends increased, cyberattacks also increased. Most companies including Google, financial institutes, and social media sites use the mobile number to verify users. However, mobile number takeover can expose sensitive information to hackers. Therefore, it is important to protect yourself from phone number takeover scams (Costin, n.d.).
Protecting Personal Information
Protecting personal information is the most important step that prevents hackers to access our details. As discussed above hackers use our personal details for SIM swapping and SIM port-out. The hackers are always searching for the personal details of the internet users as it helps them to crack their security. The hackers frequently send fake messages or email sand pretend to be representatives of banks, security officers, Netflix, or Amazon. They ask for personal details that cannot be used for cybercrimes. Hackers collect information through social media, personal connections, or dark webs.Also, never post your personal details on social media as they can be easily accessed.
Protecting Mobile and SIM cards
Mobile and SIM cards are required for call forwarding fraud and SIM cloning respectively. The user must set up a strong PIN or password for cellphone and SIM cards that will block criminals to temper settings and accessing personal information.
Avoid Phishing Attacks
The users must be educated to know phishing attacks through cellular or social media communication. The criminals always use spam links to target users that allow them to get access to mobile phones. The user must differentiate between authenticated and spam emails and messages.
What to Do If You’ve Been a Victim of an Account Takeover
If you are not receiving any messages or calls for a long-time or you cannot make a call to someone, it is a clear sign of a phone number takeover. In such a situation, the user must first contact the cellular service provider. The network provider cannot only inform you about the phone number takeover, but he can also manage to return your mobile number. It is the biggest issue to retrieve your number once it’s been stolen and depending on who the fraudster ported to it could be days before they got it back. Facial recognition and biometrics are terrible and easily beat. In store services are where sim swaps happen even more so any company that offers that is even worse. The user must check the integrity of his financial and social media accounts. The victim can also contact the police or cybersecurity branch to register a complaint (ACMA, 2022).For additional security, MobileN is recommended which is an MVNO is a wireless service provider that sole focus is protections and prevention again sim swaps and port outs, which protects digital assets and crypto firms (MobileN, 2022).
ACMA. (2022, April 29). What to do if your mobile number has been stolen. Retrieved from Australian Communication and Media Authority: https://www.acma.gov.au/what-do-if-your-mobile-number-has-been-stolen
Bales, D., & Kessem, L. (2019, October 10). Clone or Swap? SIM Card Vulnerabilities to Reckon With. Retrieved from Security Intelligence: https://securityintelligence.com/posts/clone-or-swap-sim-card-vulnerabilities-to-reckon-with/
CERN. (n.d.). Forwarding calls | IT Department. Retrieved from CERN: https://information-technology.web.cern.ch/book/mobile-operating-instructions/forwarding-calls
Cimpanu, C. (2022, February 9). FBI: $68 million lost to SIM swapping attacks in 2021. Retrieved from The Record: https://therecord.media/fbi-68-million-lost-to-sim-swapping-attacks-in-2021/
Costin, A. (n.d.). How to Protect Your Employee SIM Cards from Hackers | Avoiding SIM Swapping. Retrieved from Mind Point Group: https://www.mindpointgroup.com/blog/how-to-protect-your-sim-card-from-hackers
MobileN. (2022, June 17). Mobile Number Hijacking & SIM Port Outs to Help Crypto MNVO Organizations. Retrieved from MobileN: https://mobilen.io/mobile-number-hijacking-and-sim-port-outs-to-help-crypto-mnvo-organizations/
Rafter, D. (2021, February 8). What is phone account takeover fraud? Why it’s smart to protect your cellphone number. Retrieved from Norton: https://us.norton.com/internetsecurity-id-theft-what-is-phone-account-takeover-fraud.html
Šimkevičiūtė, S. (2022, May 12). What is a port-out scam? Retrieved from Nord VPN: https://nordvpn.com/blog/what-is-a-port-out-scam/
Verizon. (n.d.). Call Forwarding: Everything You Need to Know. Retrieved from Verizon: https://www.verizon.com/articles/call-forwarding-everything-you-need-to-know/