Protect UBC Mobile Phones Against SIM Swapping

Privacy Matters @ UBC has recommend that UBC mobile phone users take steps to protect UBC’s phones against a risk known as SIM swapping. This is where a hacker gains your mobile phone number and contacts your service provider to arrange for the phone number to be ported to another device and provider.

Due to Canadian Radio-television and Telecommunications Commission (CRTC) provisions, service providers have a limited time to make this switch, and often consists of just a text to the current owner. If a service provider requests confirmation and a the account holder does not respond quickly, the change will be made. This has resulted across Canada in many cases of financial fraud and loss because many banks use multi-factor authentication for password changes etc. which are sent to the cell number on file. It could also result in potential unauthorized access into UBC systems.

UBC IT is recommending UBC cell phone users implement “port protection” on all cell phones. This will mean that a number cannot be “ported” before further verifying with account holder. This may delay legitimate account changes but will provide more security. This can be done through your provider directly, or with the support of your office administrator if the contract is owned by UBC.

In circumstances where it is not possible to implement port protection, check what services (banking, social media, email) use text/phone for a second authentication and change these to use an alternative authentication mechanism or implement a third factor authentication e.g. a personal verification question for these services.