For the last few weeks, T-Mobile customers have been receiving text message alerts warning them about “an industry-wide phone number port out scam.”
Motherboard confirmed with T-Mobile on Monday that the alert is authentic. A company spokesperson told Motherboard and Gizmodo that the company is alerting its entire “post-paid customer base,” but said not all customers have received the message yet because, “that takes time and can’t be done all at once.”
T-Mobile also sent the alert out on the T-Mobile app and website.
A Gizmodo editor who uses T-Mobile received the alert on Thursday. A Twitter search shows that people have been receiving the alerts since as early as January 18th. There’s no reason to think this was a strategic effort, but it seems the gradual alerts have averted much public attention about the matter until now.
Port-out fraudsters scam people by calling mobile carriers and impersonating their victims so they can either “port” the target’s number to a different carrier or get a new SIM card for the target’s number.
From there, the scammer can access personal accounts that are linked to the number. For instance, they can request that the target’s bank text them a password reset link.
The method isn’t new, but it seems to be growing more popular among scammers. “Port out fraud has been an industry problem for a long time, but recently we’ve seen an uptick in this illegal activity,” a T-Mobile spokesperson told Gizmodo. “We want to make sure our customers [are] aware of this risk and encourage them to add extra security features to their accounts.”
The alert directs customers to a T-mobile page about the scam, which encourages them to call customer support to add port validation, which requires the creation of a six-to-15-number passcode. Then if someone attempts to port a number, they’ll have to enter the code.
For several months last year a bug on T-mobile’s site allowed hackers to access customers’ account information. The company fixed the flaw once Motherboard informed the company of the issue, but the data made it much easier for scammers to impersonate their targets when contacting T-Mobile.