One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes. But it was out of cell service. I couldn’t make calls or texts.

That, though, turned out to be the least of my problems.

Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unfamiliar Discover Bank account.

I thwarted that transfer and reported the cell phone issues, but my nightmare was just starting. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.

I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It’s a less-common form of identity theft. New federal regulations aimed at preventing port-out hijacking are under review, but it’s not clear how far they will go in stopping the crime.

  • superfes@lemmy.world
    link
    fedilink
    arrow-up
    24
    ·
    4 months ago

    Hey guys on the Intertubes, perhaps you’ll never see this, but if you do, please read the following: SMS is a terrible way to 2FA, don’t do it, ever.

    • pelletbucket@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      4 months ago

      I was pretty annoyed when a couple apps forced me to start using an authenticator, but I’m glad for it now.

      • Rentlar@lemmy.ca
        link
        fedilink
        arrow-up
        6
        ·
        4 months ago

        I joined the pro-OTP club when I found open source alternatives to Google, Microsoft Authenticator and Authy (which Twilio would later ruin). Before I didn’t like it.

      • floofloof@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        4 months ago

        Pretty much all the sites I use offer authenticator apps or passkeys/security keys. But my bank only offers SMS and sets a limit on password length.