What is an unauthorized port-out?

An unauthorized port-out occurs when the mobile telephone number tied to a customer’s account is moved to another provider without the customer’s authorization. Fraudsters can use port-outs as a way to hijack your line, intercept your calls and SMS messages, and receive authentication codes from banks, cryptocurrency exchanges, and other financial institutions. 

When a line is ported off of your account without your permission it takes time for the line to be recovered and returned to you. Because of this you may experience a lapse in coverage/service which can impact your day-to-day life.

How does it work?

Fraudsters typically complete unauthorized port-outs after obtaining a customer’s personal information via phishing attacks or by purchasing compromised account credentials through dark web marketplaces. Phishing occurs when criminals send fraudulent requests for personal information to victims, usually posing as a company or government agency. 

Victims of unauthorized port-out attacks frequently have their email accounts compromised prior to the port-out, allowing fraudsters to intercept communications from phone providers.

How do you report a port-out scam? If you’re concerned that you’re a victim of a port-out scam:

> Notify your phone carrier immediately. 

> Contact your financial institutions. 

> File a police report. 

> Place a fraud alert on your credit report. 

> Get copies of your credit report to verify recent activity.

How do you prevent port-outs?

• Preventing port-outs starts with guarding your personal information from hackers.
• Protect yourself by being proactive. Add a PIN and/or password for accessing your accounts at Harborstone. 
• Stay vigilant by enabling text and email account notifications for transactions. If you receive a notification of an unauthorized transaction, call and notify us of the changes immediately.
• Don’t respond if someone calls or texts you asking for personal information. Be aware that the caller may replicate your financial institution’s number.
• Don’t overshare; safeguard personal details that may be used to verify your identity.

Don’t Fall for an Account Takeover Scam

Imagine your surprise: You grab your morning coffee, settle in at your desk, log in to your credit union account, and…. Wait; what? Someone—not you—has cleaned it out.

A scam known as “account takeover” fraud is on the rise, and there are a few things you can watch out for to try to keep it from happening to you.

What it is. The account takeover scam involves theft of your login usernames and passwords with the intent to access, and then take over, your account. By impersonating you online, the scammers can use your account as they wish, which usually means taking the money out for themselves.

(This scam is also used to take over a person’s email and social media accounts, usually as a preliminary step to later get control of their financial accounts.)

How it works. This scam usually begins with the fraudster calling, texting, or emailing you and claiming to be an employee of your credit union, bank, or other business where you have an account. The caller may already have certain personal details about you, such as the last four digits of a card number, the names of others on your account, a partial Social Security number, or your phone number or address.

The information they have can make them seem like a legitimate representative, but don’t be fooled.

The scammer’s next step is to ask you about questionable transactions on your account. When you say the transactions aren’t yours, they say they need to verify some details in order to freeze the card or account and prevent a theft.

They may ask you for your online banking user ID to “verify your identity.” Once they have your user ID, they’ll enter it and use the “forgot password” option to reset your password, usually while they still have you on the phone. If you have two-factor authorization set up, your bank will send you an automatic verification code; the caller will ask for that code, implying that they sent to you.

That’s all it takes. Now the scammer has your user ID, a new password that you don’t know, and full access to your account. Your money won’t stay in that account for long. What’s worse is that the cybercriminals may also attempt “credential stuffing,” where the login and password from one site are used to try to log in to accounts elsewhere.

Protect yourself. Some risk factors for account takeover and other types of identity theft are out of your control. For example, you may be the victim of a data breach, or your information might have been posted to the dark web. But there are some steps you can take to decrease the risk:

• Don’t use the same online user ID and password for multiple sites. Try to use a unique, secure password for every online account. Look into secure password managers to generate and store unique passwords so you don’t have to remember every single one.

• Use multifactor authentication when it’s available. You’ll receive a one-time passcode by text or email each time you log in to your account. Don’t share this code with anyone you don’t know and trust.

• Check your financial accounts often. If you catch errors or unfamiliar transactions quickly, you have a better chance at success in working with the institution to protect your money.

Read more security articles.

Read before splitting the utility bill: Beware of peer-to-peer payment scams

Peer-to-peer (P2P) payment apps that allow people to pay friends and family in minutes have become increasingly popular, but that popularity has contributed to an increase in fraud. If you use an app like Cash App, Venmo, Zelle, or PayPal to transfer money, continue reading for tips about how scammers are accessing people’s money and what you can do to protect yourself.

More people paying via peer-to-peer apps

The pandemic has moved so much of our lives to the virtual space, and paying friends and relatives is no exception. More and more people are using peer-to-peer payment apps, as they are helpful and convenient for paying for everything from splitting the cost of a meal to paying a roommate’s half of the garbage bill to paying for school activities or making charitable contributions. The apps allow you to quickly connect to your bank account and you’re up and running, ready to send money in a flash.  

Scammers will follow

According to the Federal Communications Commission, “As Americans grow more comfortable using these apps, scammers have adapted their tactics to take advantage of the quick and often anonymous access to cash that they provide. Many of the scams listed in our Scam Glossary may now ask for the money to be sent using a P2P app instead of a gift card, an established favorite of scammers.” The FCC also says requests for charitable donations using P2P apps are popular.

AARP says one of the more popular scams is the “accidental transfer of funds scam.” “A scammer sends hundreds of dollars, then sends a follow-up message requesting the money back, claiming it was ‘an accident.’ But the original transfer was made with a stolen debit card; those funds will eventually be removed from your account. And you’re out the money.”

Protecting yourself

When paying via peer-to-peer apps, it’s important to take steps to protect yourself from scammers. Nerdwallet reminds people to set the apps to require a PIN to sign in. Make sure you’re using a PIN on your cell phone too. Sign up for notifications on every transaction to be notified about what’s happing in the app immediately, and pay only people you know—being careful to type the recipient’s information carefully. If money is missent to the wrong person, it’s often gone. It’s also important to link the app to a credit card or checking or savings account, as they can have better protections in case of fraudulent activity than if you store money in the app and pay that way.

Finally, remember to scrutinize every transaction carefully, whether you’re sending or accepting money. Taking the time to check to make sure you do—or don’t—know the person requesting money could save you headaches in the long run.

For more articles to help protect your finances, click here.