What is Porting?

Porting is a term used to describe the transfer of an existing phone number from one telco provider to another. The process allows you to switch providers while keeping all your same phone numbers. 

You can port mobile numbers, business landlines, inbound services like faxes, and internet connections in Australia. Number porting allows you to quickly transfer an existing phone number or service from one provider to another in a few steps. 

How does a Sim Swap Scam work?

Mobile phones will not work without a Subscriber identity module (SIM). SIM cards store user data in Global System for Mobile (GSM) phones. GSM phones without SIM cards will generally not connect to any mobile network except for emergency calls. This is why your phone is primarily useless when you remove your SIM card unless it is on WiFi.

There are two types of SIM swap fraud.

• The first is based on social engineering directed at the target and the mobile phone carrier.
• The second technique includes an insider, usually a rogue mobile carrier employee, but this is less common.

The process begins with the SIM swap threat actor collecting personal information about their intended target. This is often achieved by buying information from the dark web or a criminal organisation or using phishing emails or social engineering to impersonate the target.

If your mobile phone number and other personal information have previously been breached, you are at increased risk of Sim Swapping.

Scammers can also use social media profiles to gather relevant information that helps them impersonate a target. For example, a person’s high school, family members and mother’s maiden name are often apparent on a social media profile. They are also common answers to security questions.

Once the threat actor has a good target profile, they then contact the target’s mobile carrier, impersonating them and claiming to have lost or damaged the SIM card associated with the target’s number. They request that customer service activate their new SIM card or ask for help switching to their new phone.

Once the SIM card swap scam occurs, the threat actor receives all phone calls and SMS intended for the target’s phone, including any one-time passwords.

They can then set up new accounts in your name, for example. You may not be notified if they do so at your existing bank.

What are carriers (Telstra, Optus, Vodafone) doing about it?

Telecommunications are regulated in Australia by the Australian Communications and Media Authority (ACMA). The ACMA defines standards around the process for number porting and helps enforce those processes across all Telcos.

The rules are changing to keep up with the scams and protect Australians. For mobile phones, the ACMA has implemented the following standards:

• Telecommunications (Mobile Number Pre-Porting Additional Identity Verification) Industry Standard 2020
  • This standard ensures that Telco take steps to identify the person making the request to port a mobile phone.
  • You can read about it here. https://www.legislation.gov.au/Details/F2020L00179
• Telecommunications Service Provider (Customer Identity Authentication) Determination 2022
  • This standard further defines the authentication and identity requirements, including things like the implementation of MFA on customer accounts.
  • You read about it here. https://www.legislation.gov.au/Details/F2022L00548

All telcos in Australia are required to follow the standards. Most telcos provide information about how they attempt to prevent these scams. :

• Telstra has posted about it here.
• Optus here.
• Vodafone didn’t appear to have a dedicated page, but they do have a page for reporting fraud.

How to prevent SIM swapping?

There are several ways you can protect yourself and avoid SIM swapping: