The U.S. Federal Communications Commission (FCC) is implementing stringent rules to safeguard consumers against the rising threat of SIM-swapping attacks and port-out fraud. These scams, which involve malicious actors covertly swapping SIM cards or transferring phone numbers to new carriers without physical access to the victim’s phone, target sensitive data and personal information.
The FCC’s new regulations, initially proposed in July 2023, require wireless providers to adopt secure authentication methods before redirecting a customer’s phone number. Additionally, customers must receive immediate notifications of any SIM changes or port-out requests, empowering them to take swift action against potential attacks.
The rules address the serious risks associated with SIM swapping, a tactic exploited by threat actors like LAPSUS$ and Scattered Spider to infiltrate corporate networks. By migrating services to actor-controlled devices, attackers gain the ability to divert SMS-based two-factor authentication codes, compromising victims’ online accounts.
FCC Commissioner Geoffrey Starks emphasized the need for consumers to rely on secure verification procedures and privacy guarantees from wireless providers, enabling them to go about their daily lives without fear of unauthorized phone control.
Simultaneously, the FCC is launching an inquiry into the impact of artificial intelligence (AI) on robocalls and robotexts, recognizing the potential for AI to enhance analytics tools against unwanted communications while acknowledging the risk of facilitating fraudulent activities by mimicking trusted voices through technology.
