FCC unveils its methods to stop SIM swapping scams and robocalls
The FCC is taking the fight to scammers
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The Federal Communications Commission (FCC) has laid out its plans to stop bothSIM swapping attacksandrobocallsin an effort to protect US smartphone users from fraud andidentity theft.
For those unfamiliar, SIM swapping is a technique used by an attacker in which they convince a mobile carrier to transfer a victim’s phone number from theirSIM cardto one they own and control. Once in control of a victim’s number, the attacker can receive two factor authentication (2FA) messages to take over their online accounts.
The FCC’sNotice of Proposed Rulemakingputs forward a number of ways to address SIM swapping such as amending the Customer Proprietary Network Information (CPNI) and Local Number Portability rules so that mobile carriers would have to authenticate that a customer really is who they say the are before redirecting their phone number to a new SIM card or device. At the same time, the notice proposes requiring mobile carriers to immediately notify customers whenever a SIM change or port request is made on their accounts.
In addition to SIM swapping, these new changes will also address port-out fraud which occurs when an attacker poses as a victim and opens an account with another carrier in their name. They then arrange for the victim’s phone number to be transferred or “ported out” to the account with the new mobile carrier which they control.
Robocall Mitigation Database
In order to combat robocalls, the FCC set a deadline for June, 20 of this year for large mobile carriers to implement theSTIR/SHAKEN protocolswhile smaller mobile carriers have been given an extension to do so until June of 2023. As part of these efforts, mobile carriers were required to certify that they have implemented STIR/SHAKEN though they also had to submit a detailed robocall mitigation plan with the FCC.
Beginning today though, if a mobile carrier’s certification and other required information is not in the FCC’s Robocall Mitigation Database, other mobile carriers and intermediate providers will be prohibited from directly accepting that providers traffic. This means that if a mobile carrier hasn’t submitted the necessary paperwork, other carriers won’t be able to send calls from its network to their customers.
The deadline seems to be working though as 4,798 companies have filed in the Robocall Mitigation Database and all of the largest mobile carriers in the US have certified their implementation of the SHIR/SHAKEN protocols.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Acting FCC Chair Jessica Rosenworcel provided further details on how the government agency is fighting robocalls in apress release, saying:
“The FCC is using every tool we can to combat malicious robocalls and spoofing – from substantial fines on bad actors to policy changes to technical innovations like STIR/SHAKEN. Today’s deadline establishes a very powerful tool for blocking unlawful robocalls. We will continue to do everything in our power to protect consumers against scammers who flood our homes and businesses with spoofed robocalls.”
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet
