AT&T Introduces Wireless Account Lock to Combat SIM Swap Fraud

AT&T is rolling out a new security measure called Wireless Account Lock, designed to prevent unauthorized modifications to customer accounts. This move is part of a broader effort to combat a costly form of account hijacking known as SIM swapping, where scammers take over a victim’s mobile number.

The technique, also referred to as port-out fraud, has caused significant financial harm and data breaches, including a case where a scamnetted $400 million in cryptocurrency, exploiting vulnerabilities in two-factor authentication processes.

In addition to SIM swapping, scammers have exploited other methods such as hacking into management platforms used by virtual network operators (VNOs). For instance, in 2022, a breach allowed attackers to access a T-Mobile platform via SIM swap, phishing, and other means.

These attacks often involve impersonating legitimate account holders or bribing employees to make unauthorized account changes. The rise of cryptocurrency’s popularity and its high value has increased the appeal for these scams.

AT&T’s new feature aims to put a lock on mobile accounts, requiring additional verification steps before any changes are made, thus protecting millions of users from fraud and account hijacking.

Arstechnica