New scam-busting toolkit could save your number from being hijacked

Prof Stefan Trueck, Dr John Selby
Mal Chenu
14 August 2019
Macquarie Business School


You don’t have to fall in love with a Nigerian ‘prince’ or inherit €650,000,000 from a 'philanthropist' to be the victim of a scammer. Theft linked with the unauthorised porting of your mobile number is shockingly easy.

A Macquarie University research project is tackling the growing problem of scammers taking over your phone number through unauthorised porting and gaining access to your personal details, bank accounts, credit cards and email accounts.

Help is here: researchers from the Macquarie Business School will soon launch an app, a website and a video designed to help consumers recognise the warning signs of identity theft and how to safeguard themselves in future.

The project, known as AntiPort and funded by the Ecstra Foundation, will provide the tools and knowledge people need to stop the scammers. A website is due to launch in September, with a mobile phone app and an educational video to follow next year.

The AntiPort project is jointly-led by Dr John Selby, Department of Accounting and Corporate Governance, and Professor Stefan Trueck, Department of Actuarial Studies and Business Analytics, Centre for Risk Analytics along with Associate Professor Christophe Doche, Director of the Optus Macquarie University Cyber Security Hub.

AntiPort will also include case studies describing what has happened to people whose phones were ported illegally, and explain how criminals impersonate their victims. Professor Trueck says the aim of the AntiPort project, which is in the final stages of testing ahead of its launch, is to raise awareness and educate Australian consumers and businesses about the risks - and prevention - of mobile number porting-based identity theft.

Stealing your phone number is easy

“Our objective is to provide information about the nature of porting scams, how to recognise the warning signs of identity theft, the steps required to minimise the risk, how to limit the damage and how to protect against future attacks.”

Illegal phone porting (aka unauthorised SIM swapping) and the subsequent associated fraud is far easier than you might think, as Dr Selby explains:

“Criminals who have nothing more than a person’s date of birth, address and phone service provider can make the switch all too easily – usually because they’ve managed to collect information about a customer through the theft of mail or by finding personal details about someone from their online activities, such as their date of birth on social media.”

Once a mobile phone number has been ported by a scammer, the victim no longer has access to it. It now belongs to the criminal.

There were 20,220 reported incidents of identity theft scams - or 'phishing' - in 2017 alone.

So the SMS authentication codes for password resets (and verification codes sent by banks for large money transfers) will be received by the scammer who has ‘stolen’ your phone number. SMS-delivered codes are a key security step these days but the crims are onto this supposed safeguard. And once they have changed your passwords, they have access to a veritable Aladdin’s Cave of information.

Stefan Trueck

Protection: AntiPort is the brainchild of Dr John Selby, from the Department of Accounting and Corporate Governance, and Professor Stefan Trueck (pictured), from the Department of Actuarial Studies and Business Analytics, Centre for Risk Analytics.

Your financial security at risk

“Although SMS codes have become an everyday part of our lives to help verify identity, criminals have learnt to exploit the system because it takes only a small amount of personal information to convince a mobile phone service provider to change a mobile phone number over to another provider. And with that, you can lose control of your online accounts and your entire financial security can be compromised,” Dr Selby says.

Identity theft scams, or ‘phishing’ – often in conjunction with mobile number porting - are the most prevalent phone-based scams. According to the Australian Competition and Consumer Commission (ACCC) and the Australian Cybercrime Online Reporting Network (ACORN), there were 20,220 reported incidents in 2017 alone. However, as is the case with many other scams, the true numbers are likely to be far greater than those that were officially reported.

AntiPort is a timely strike against this little-known but widespread form of online fraud. After all, the last thing you want is to lose your newly-inherited €650,000,000 to a scammer.

Six ways to protect yourself from phone scammers

  1. Set up a PIN with your mobile phone service provider for extra security.
  2. Avoid showing your date of birth on social media.
  3. Hide your mobile number on social media.
  4. Quickly collect mail delivered to your home and add a lock to your letterbox.
  5. Use strong and different passwords for every online service you use.
  6. Ignore links or invitations in emails and messages from people you don't know.


Back To Top

Recommended Reading