What safeguards are available from TF from sim swap scams

**tzais01** · 04-26-2022, 10:02 AM

I've been hearing more in the news about the sim swap hacks. What safeguards are available from Tracfone to prevent this on our phones?

**hpham** · 04-26-2022, 11:00 AM

Originally Posted by tzais01

I've been hearing more in the news about the sim swap hacks. What safeguards are available from Tracfone to prevent this on our phones?

The SIM-swap hack is actually porting a phone number out without the owner's knowledge. TF now requires a Porting PIN instead of the account PIN. You have to text NTP (Network Transfer PIN) to 611611 from your phone to get the Porting PIN texted back to your phone. When I ported 3 TF numbers to Visible between Nov and Dec last year, someone from TF Port Dept called me on the phones involved, texted a security code to the phones for me to read back before they'd release the number. But they don't always call before releasing the number.

**Lisme** · 04-26-2022, 11:19 AM

I think basically any carrier that is offering something for free if you port in your number is going to attract people looking for an active number to steal.

So that would attract fraud at Visible, Metro, whatever.

Tracfone is doing the right thing by taking this seriously. They can do the right things when they make the effort.

**tzais01** · 04-26-2022, 11:54 AM

Originally Posted by hpham

The SIM-swap hack is actually porting a phone number out without the owner's knowledge. TF now requires a Porting PIN instead of the account PIN. You have to text NTP (Network Transfer PIN) to 611611 from your phone to get the Porting PIN texted back to your phone. When I ported 3 TF numbers to Visible between Nov and Dec last year, someone from TF Port Dept called me on the phones involved, texted a security code to the phones for me to read back before they'd release the number. But they don't always call before releasing the number.

Ok, that sounds good along with the security question and password.

**hpham** · 04-26-2022, 12:09 PM

Originally Posted by tzais01

Ok, that sounds good along with the security question and password.

To port out a phone number, you typically need to provide these pieces of info to the new provider: the phone number, name on the account, the account number, account PIN (TF now requires the port PIN), the zip code of the account. Those pieces of info are known only by someone inside the provider/carrier who can access the customer database, or a hacker who got access to the database. With TF now requires the NTP which is generated and texted to the phone and has a limited lifespan of 24-48 hrs, that makes things harder to illegally port out your number.

**N2FUV** · 04-30-2022, 02:39 PM

Originally Posted by hpham

To port out a phone number, you typically need to provide these pieces of info to the new provider: the phone number, name on the account, the account number, account PIN (TF now requires the port PIN), the zip code of the account. Those pieces of info are known only by someone inside the provider/carrier who can access the customer database, or a hacker who got access to the database. With TF now requires the NTP which is generated and texted to the phone and has a limited lifespan of 24-48 hrs, that makes things harder to illegally port out your number.

@hpham

That "port PIN" can ONLY be texted back to the specific phone you are using correct, and NO other device? If so that is great news and a bit of relief, since if you look at another thread here, it appears some other scammers are sending texts from 77890 claiming to be tracfone claiming that they have noticed some "unusual activity" on our accounts and that there is some SECURITY NOTICE we are to click a link to in that text!

FOLKS DO NOT CLICK ON TEXT LINKS IF AT ALL POSSIBLE FOR ANY REASON NOW....it really appears that some really big time criminals are working overtime to steal your personal information that could even lead to having your bank account compromised!
t

**hpham** · 04-30-2022, 02:51 PM

The Port PIN is sent back only to the phone that texted NTP to 611611.

**N2FUV** · 04-30-2022, 03:06 PM

Originally Posted by hpham

The Port PIN is sent back only to the phone that texted NTP to 611611.

Seems like it would be impossible for a scammer to do an unauthorized port out unless they had your phone in their hands. Correct? They could not use your IMEI or SIM number to forward that to another device correct?
Sorry to be nitpicking but well some of the stuff I'm hearing about these things now is pretty unnerving!
Thanks for your help and clarification!

**hpham** · 04-30-2022, 03:20 PM

If a scammer can spoof his phone to appear as your phone number, then he can steal the port PIN. I don't think it's easy, but can't say it's not possible.
Previously, the info needed to port out (phone number, name, acct number, acct PIN, zip code) was "static" and any scammer who has access to the customer database can impersonate you.

**N2FUV** · 04-30-2022, 03:30 PM

Originally Posted by hpham

If a scammer can spoof his phone to appear as your phone number, then he can steal the port PIN. I don't think it's easy, but can't say it's not possible.
Previously, the info needed to port out (phone number, name, acct number, acct PIN, zip code) was "static" and any scammer who has access to the customer database can impersonate you.

Thanks for the clarification, it seems pretty remote that they might be able to do it. I wonder how that is possible? I suppose I don't want an answer since I don't want to give any information away that could help these criminals.

**hpham** · 04-30-2022, 03:47 PM

Search the Internet for "caller ID spoofing" to get more info. There are even sites like spoofmyphone.com that sell apps/service to spoof numbers. I don't know if that will fool TF system.

**malet** · 04-30-2022, 04:14 PM

It's trivial to spoof the number that shows up on caller ID, as mentioned above. I've never heard of someone being able to hijack a phone number and receive the calls/texts sent to it without SIM swapping (which is why TF now requires a text to the phone number before doing the swap.) I'm sure it's possible for someone deep in the phone company, or in law enforcement; but it's not a low hanging fruit for scammers like SIM swapping used to be.

**Lisme** · 04-30-2022, 05:02 PM

I'm sure a phone number is more complicated than John Doe 888-555-1212. That's just the part we see to keep it simple.

I don't think that changing a name would fool a phone company. Our wireless numbers don't even have personalized names.

**StymiedToo** · 05-05-2022, 06:36 PM

Does that mean using a locked Tracfone would prevent or reduce the risk of getting hacked?

Specifically when using the phone to receive the 2 factor authentication code a bank would send when using your PC to access a bank account. Everything I’ve read says that receiving a 2FA code via text is the least secure method of 2FA because your phone can be compromised.

SIM swap fraud explained and how to help protect yourself
https://us.norton.com/internetsecuri...wap-fraud.html

If the thief can’t do, or easily do, a SIM swap then using a Tracfone should be OK, correct?

**hpham** · 05-05-2022, 06:44 PM

Originally Posted by StymiedToo

Does that mean using a locked Tracfone would prevent or reduce the risk of getting hacked?

If the thief can’t do, or easily do, a SIM swap then using a Tracfone should be OK, correct?

Whether the phone is locked to TF or not has no bearing on getting your phone number ported out illegally by hackers.

With TF now using the new Port PIN (instead of the account PIN) being texted to your phone, it's harder for the thief to port your number out.