What is mobile phone porting?
Mobile phones are an integral part of our modern lives, in turn cases of phone porting have also risen. Between 2018 and 2019, IDCARE estimate that phone porting cost Australians over $5.4 million.
Mobile phone porting is when your mobile phone number is ported (transferred) to a new telecommunications provider (‘telco’) without your permission.
How do criminals use phone porting?
- Criminals may try to take control of your phone number by porting it to a new provider.
- They’ll then be able to receive SMS authentication codes sent by your bank and other service providers.
- This allows them to authorise online banking transfers or change account details without your knowledge.
- Criminals can also use phone porting to gain control of email accounts, superannuation or government accounts, so they can access more personal information or transfer funds.
How does phone porting happen?
Depending on the telco provider or mobile phone carrier, a phone number port can often be initiated with just the owner’s name, mobile number and date of birth.
These details are often easily found on social media accounts, or phishing sites pretending to be legitimate companies may ask you for them too. Criminals can also access this personal information by stealing mail out of letter boxes or rubbish bins.
The dangers of phone porting – a case study
During the work day, Sarah*, 31, a mother of two, received a text message from her telco requesting her consent to port her mobile number to a different provider. In the middle of a meeting, Sarah responded to the message and approved the request, as she thought it was related to the fact she was moving house.
However she hadn’t requested to change mobile phone providers, and just six minutes later, she received another text confirming her phone had been successfully ported.
Shortly after, her phone switched to ‘SOS mode’ with no service, meaning she couldn’t use it.
What happened?
Sarah says, “I was confused, I had to call my phone provider on a landline. While I was on hold, I could see my laptop screen. I received an email saying that my password for one of my loyalty programs had been changed, which wasn’t me.”
Shortly after, Sarah saw another email saying that someone had purchased $870 worth of iTunes vouchers using my points. “The emails kept coming and I felt helpless,” she recalls.
After identifying herself to her telco, Sarah had to convince them that she hadn’t requested her number to be ported. Her telco agreed to block the number, which prevented the criminals from using it to access any more of her accounts.
A phishing scam
With the help of her bank, Sarah pieced together that she had been the victim of phishing.
She remembers receiving an email she thought was from the Australian Tax Office (ATO) asking her to verify some information to process a tax refund. Sarah had clicked on a link in the email and was taken to a fake ATO website, where she was prompted to provide personal and banking information. Excited by the idea of a tax refund, she gave them her full name, date of birth, phone number, banking username and password.
The damage
Once the criminals had this information, they contacted Sarah’s phone provider and successfully ported her mobile phone number into their control. They logged into her online banking account and were able to receive the SMS code sent by the bank to authorise a transfer of $15,000. However, the transfer was unsuccessful as the bank stopped it due to unusual activity.
The fraudsters were also able to steal $870 worth of iTunes vouchers bought with Sarah’s points from a loyalty program, and attempted unsuccessfully to access her email account. This event caused Sarah an untold amount of stress and anxiety.
Sarah spent days changing passwords for all her accounts and re-verifying her identification with service providers. Most importantly, she placed a PIN on the account she held with her telecommunications provider to prevent this from happening again.
*Name has been changed for privacy reasons.
How to protect yourself against phone porting
Signs to look out for
- Unexpected text messages from your mobile service provider advising that “you” have requested your number be ported to a different network provider. This could indicate a criminal is trying to port your phone.
- Your mobile phone service is suddenly disconnected, and may show “SOS only” where the carrier name usually appears on the screen. This could be a warning sign that your phone has been transferred to another provider without your authorisation.
What to do if you think your phone has been ported
- If your phone service doesn’t return in a short period, contact your mobile provider immediately to confirm why.
- If your mobile has been transferred to another provider without your permission, call us on 13 22 65.
Tips to prevent phone porting
- Contact your mobile service provider and request a PIN be placed on your account.
- Remove or hide personal information such as your date of birth, address and mobile number from social media accounts.
- Create strong and unique passwords for all your accounts. Consider using a password manager tool to securely store your passwords. For more information on how to create stronger passwords, visit using safe passwords.
- Be on the lookout for suspicious emails, text messages and calls requesting personal and banking information. We will never ask you to confirm, update or disclose personal or banking information via a link in an email or text message. To learn more, visit how to identify spam and phishing messages.
- Report suspicious messages to phish@nab.com.au and then delete them, without clicking on any links or attachments.
- Access the NAB website by typing nab.com.au into your browser, rather than clicking on links or attachments.
- Turn on two-factor authentication for your NAB accounts, and ask your mobile provider if you can do the same for your mobile phone account. This means another piece of information (such as a password, or code sent to you via SMS) is required before certain actions can be taken.
- Ensure you have a locked padlock on your letterbox, and shred any documents such as bank statements before disposing of them.
- Stay up to date with the latest security alerts and learn how to stay safe online on our security homepage.
Helpful resources
How we can help
If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.
Learn what to do in the event of fraud or scams
Get updates on the latest fraud alerts
IDCARE
IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.
IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.
Learn more about IDCARE, opens in new window
Australian Government | Australian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.
Learn more about the Australian Cyber Security Centre, opens in new window
Australian Government | ReportCyber
ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
Learn more about ReportCyber, opens in new window
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Learn more about Scamwatch, opens in new window
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Learn more about the Office of the eSafety Commissioner, opens in new window
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
Learn more about the Attorney-General’s Department, opens in new window
Related articles
How to keep your identity safe online
Your identity is your most valuable asset. Protect it. Your freedom depends on it.
How to secure your accounts with multi-factor authentication
Multi-factor authentication can protect you from cybercriminals.
How to identify spam and phishing messages
Be on the lookout for suspicious messages and avoid being a target of cyber-criminals.
Important information
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.