Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | CES 2018 | Quell Pain Relief Review | Best TVs Under $500 | Complete Guide to Facebook Privacy

Top News Stories

author photo

Beware Phone Porting Scam that Can Empty Your Bank Account

by on February 07, 2018
in Privacy, News, Phones and Mobile, Blog :: 21 comments

Many T-Mobile customers recently received a text message that the company has “identified an industry-wide phone number port-out scam and encourage you to add account security.” The text then directs you to a page on the T-Mobile website to learn more. In case you’re wondering if this threat is real, it is. And you need to take action on it now, even if you’re an AT&T, Sprint or Verizon customer. Failure to do so could result in having your bank account cleaned out, as has happened to numerous consumers.

Here’s how the scam works. The fraudster either calls into your carrier or goes into a local store claiming to be you. With so much of our public information now in the public sphere, including our social security number, it’s not hard to do (thank you, Equifax and others). They then “port out” your phone number to a pre-paid phone on another carrier.

Now that they have control over your number, they can receive the two-factor authorization texts required to reset your email password. And from there, it becomes relatively easy, assuming they have other basic identifying information about you, to reset your banking information and gain access to your accounts.

To protect yourself from these scams, it’s critical that you set up a port-out validation PIN with your carrier that prevents anyone who doesn’t know this number from transferring your phone to another account. You may already have a PIN on your account, but the default PIN is sometimes the last four digits of your SSN (as I recently discovered it was for my T-Mobile account), which makes it incredibly insecure, so you should change it to something that can’t be easily guessed.

To set up your port validation PIN on T-Mobile, you need to call 611 from your T-Mobile phone or dial 1-800-937-8997 (you can’t do this online). You can learn more about the PIN creation policies and processes for each of the carriers on their websites: AT&T, Sprint, T-MobileVerizon). 

Even if you have a strong PIN, there are phishing attacks specifically targeted to uncovering it. For example, I received a pre-recorded call earlier this week with the message:

“Dear AT&T Customer, we value your security and invite you to validate your wireless account passcode. Please press 1 to verify now.”

Had I “validated” my AT&T passcode (which I don't have, anyhow, because I'm a T-Mobile customer), the scammers would now have exactly what they needed to transfer my account. Always protect your passcode and never give it to anyone or type it anywhere unless you go directly to your carrier's site login page (NOT by following a link in an email you received) or initiate the call to your carrier.

In addition, carriers use your email and/or security questions to remind you of forgotten user IDs and passwords. So always use strong, unique passwords for both your email and mobile accounts, and make sure your security questions can’t be guessed using publicly available information (even if that means lying).

[Image credit: scam alert via BigStockPhoto]



Discussion loading

gravatar

Port Out Scam

From Dee on February 07, 2018 :: 3:44 pm

My husband is a new wireless phone user, bought mainly for emergencies.  He was the victim of a port out scheme very recently.  Luckily it was just a matter of his carrier being changed with out his knowledge. He also lost his minutes, which has since been resolved along with port out.  This happened without any contact by his carrier originally listed with the phone.  Had it not been for the fact that he could not make any outgoing calls who knows what would have happened.  It took many hours in a live chat and on the phone with the original carrier to get his phone number and minutes back.  I can see, first hand how this could have been much more serious. People really need to go with the PIN ID you mentioned.

Reply

gravatar

And how exactly would the

From German Lopez on February 07, 2018 :: 3:53 pm

And how exactly would the clean out my bank account?

Reply

gravatar

The article went into the

From Dee on February 07, 2018 :: 4:22 pm

The article went into the capturing of information that could lead to your bank accounts. Why take the chance when it is easy enough to increase security on your account.  After our experience yesterday, I see how that could happen with no
per mission given. We now have notes in our account that nothing is to be changed without notifying us first.  Y

Reply

avatar

Because it enables you to reset passwords

From Josh Kirschner on February 08, 2018 :: 11:04 am

Controlling the phone gives you access to the text messages email programs and banks use to reset forgotten passwords. So if I have your phone account/number I can request your Gmail email address, then reset your password using SMS verification. Then I can go to your bank (I would try the main ones first) and ask for a password reset. They would either then send me an email with reset instructions (an email account I now control) or send me a reset code via a text message to the registered phone (a phone I now control).

Reply

gravatar

I want to thank you

From Dee on February 08, 2018 :: 6:03 pm

I want to thank you for the information Josh.  I am passing it along to friends and family.

Reply

gravatar

Sharing

From Vicki on February 08, 2018 :: 4:47 pm

I appreciate these timely warnings from your site popping up on my screen. I posted your article on my Facebook page and will follow the advice you’ve provided. Thank you very much!

Reply

avatar

Thank you

From Josh Kirschner on February 09, 2018 :: 12:58 am

Thanks for making others aware so they can protect themselves.

Reply

gravatar

WHAT THE STINK

From robert on February 08, 2018 :: 4:57 pm

THIS SCAM IS BUTTS!

Reply

gravatar

now what if..

From Janet Curtis on February 08, 2018 :: 5:22 pm

i have metro pcs phone..can the get all info from that? because I was scammed and changed my bank acct. and debit card..BUT I dont know what else they got at all. it appears they played as capitol one bank which i do have 2 cards with. so i did change bank and debit card..but even my bank doesnt know my cc numbers? i dont know what porting is but i have a niece who is a felon and now with my elder mother tapping her phone thru this and maybe MY cell. I dont think im sure exactly what to do. ? i have a gmail email and an aol email i know they have my aol mail. how does this happen. ? im calling the bank now. some one ple reexplain this complicated scam and hopefully ill get an email telling me more of what to do. since this is a push notification i normally would have missed it. as i usually remove them as all scams and they cover everything on my pages. someone pls reply and tell me how to do what needs done. the theif in moms home has info and the hackers from last month also have it!!!!!! SOS ty

Reply

avatar

Not hacking, but transferring

From Josh Kirschner on February 09, 2018 :: 1:07 am

Hi Janet,

There are a number of ways people can defraud you, so difficult to say what occured with your past issues. What’s happening here is not hacking (or “tapping”) your phone, it’s transferring your phone account to another carrier and out of your control. Then using text messaging on your transferred account to get access to your email/bank/other accounts.

However, if you are concerned about someone close to you who may be putting spyware on your phone, you should read our story on How to Tell if Your Phone Has Been Hacked. And be sure to change your password on all your account to strong, unique passwords that no one else will be able to guess.

Reply

gravatar

Happened to me

From Jason on February 09, 2018 :: 11:28 pm

This happened to me recently - it sucks. All the sudden my phone had no signal and by the time I cleared it up with T-Mobile, they thief had already transferred 5K out of my bank accounts. BTW, I had a pin setup so this isn’t foolproof because the agents are easily manipulated by the fraudsters.

Reply

gravatar

Happening to me too

From Buh on February 10, 2018 :: 1:40 pm

This sucks. I have no way of even calling my provider as whoever is doing this can reroute calls or simply disconnect the call. Metro pcs is no help. Police are no help. What do I do????? This has happened to me before. Repeatedly.

Reply

avatar

Did T-Mobile provide info on how they did it?

From Josh Kirschner on February 12, 2018 :: 3:03 pm

Did T-Mobile provide you any details on how they were able to port your phone without knowing your PIN (I’m assuming your PIN wasn’t something easy to guess)?

Reply

gravatar

Sigh....

From Buh on February 10, 2018 :: 1:47 pm

I have a MetroPCS phone and this is happening to me right now. It’s actually happened the last several phones I’ve had, all different providers. I can’t even call 611, the IRS or anyone without getting cut off or redirected. Help!

Reply

gravatar

? Hope this works

From Dee on February 10, 2018 :: 1:52 pm

When I finally got my husbands phone account straightened out, I insisted that they add notes to the account stating no porting, unless he is called.  inoperable!!! Not sure this will work, because it had to be someone on the inside, how else would they get his PIN #. He did not lose any money, but they took all of his remaining minutes and left his phone inoperable!!!  Took several hours to get this fixed. Thank God it didn’t involve stealing money from his bank account,like some of you have had to go through!!!

Reply

gravatar

Verizon

From Victoria on February 10, 2018 :: 7:54 pm

I contacted Verizon. First I changed my PIN, because, just as the article described, it was defaulted to the last 4 digits of my SSN. Second, I asked Verizon to put notes on my account that 1)any port request was required to occur in person at a Verizon Wireless retail location and 2)a valid ID must be presented prior to port approval. I would encourage others to do the same. Thanks for this very helpful article!

Reply

gravatar

your comment confused me.

From Micki on February 10, 2018 :: 10:15 pm

If you are with Verizon I am very surprised that your PIN was your SS#.  Early LAST YEAR Verizon made all their users change their PIN numbers if they were using their last 4 digits. I should know as I WAS using my last 4 and they locked me out of my account until I changed it.  So I did -  to something really stupid because at that time I didn’t know someone could “port” my phone. Guess I have to call them and change it.  Sigh.

Reply

gravatar

Verizon PIN

From Victoria on February 11, 2018 :: 3:26 am

I have been a Verizon customer forever and didn’t get the email you reference. Just another reason I am grateful for this article. Of note, Verizon PINs can be changed via My Verizon also.

Reply

avatar

Glad it was helpful and kudos to Verizon

From Josh Kirschner on February 12, 2018 :: 2:48 pm

It was smart strategy from Verizon to prevent using your SSN as your PIN, other carriers should implement the same policy.

Account Drained in 5 minutes!

From Frieda Franchina on February 13, 2018 :: 1:55 pm

I do not have a landline, only a TMobile phone. I got a text message: Thanks for Choosing Metro PCS! Amount due will be $58.00.
Then my phone went dead. I could not call, text, or use the internet. I drove over to the TMobile store, where they spent 90 minutes with TMobile CS and Metro PCS, who is their sister company. They dialed my cell number: “The number you have called is no longer in service.”
They gave me a temp phone number and when I got home, I checked my email on my computer. My Wells Fargo bank sent me a message that I had sent money to Marvin Jesus using Zelle. Zelle is like PayPal or Venmo, but…instead of waiting 3 days for the transaction to be complete, it ONLY TAKES LESS THAN 5 MINUTES!
I drove to my bank, and they said they had tried to call me, but guess what? My phone was not working, so WHY did they allow the Zelle to go through?
My son contacted me via FB and asked why his phone wasn’t working, and got the same message from his WF bank. His account was drained of all but $1.
*We now have Port Protection and a 6 Digit PIN on our TMobile account.
*Fraud alerts on all the credit reporting agencies.
*Changed all our User Names & Passwords on email, banks, and social media accounts.
*Filed a police report.
*Got my original Phone number back
*Just got a letter last week from my bank saying they put the money back into my account as a “provisional credit” until the case is closed.

It was the perfect storm between TMobile/Zelle/Wells Fargo. Don’t let this happen to you.

Reply

gravatar

What about Virgin Mobile?

From God bless you on February 17, 2018 :: 9:45 pm

Thank you for alerting us to this scam! I sent your article to some friends who were grateful and will pass it on smile I’m just wondering if Virgin has a site to change or create a port-out pin? Please let me know. I’ve looked on their site but found zero info on this.

Reply

© Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

site design: Juxtaprose