AT&T has introduced a new security feature aimed at thwarting threat actors looking to pull off SIM-swapping attacks on customer accounts.Dubbed "Wireless Account Lock," the feature allows customers to prevent the registration of new devices on an account without additional verification.“The lock forces an extra step before important account changes can be made,” AT&T said.
“It prevents anyone from buying a device on the account, for example, or conducting a SIM swap – moving a phone number to a SIM in a different device.”The feature is activated and deactivated via the myAT&T mobile app and device owners have the ability to toggle the feature off should they purchase a new device.The idea, according to AT&T, is to thwart attempts at SIM-swapping attacks. In such cases, threat actors will purchase a device and attempt to dupe company employees into tethering the newly bought handset with the target’s phone number.In addition to stealing the victim’s mobile account, SIM-swapping attacks can lead to much larger identity theft attacks as the compromised phones can then be abused to thwart two-factor authentication on things such as bank and email accounts.“If you are trying to keep any type of online account safe, here is a key point: Most attacks happen when someone is pretending to be you,” AT&T said in introducing the new feature.“Criminals put a lot of energy into getting your username and password. They send fraudulent emails and text messages asking you for it. They buy ads on search engines that look like links to real webpages – then ask for your password on a fake site.”According to AT&T the feature is currently limited to postpaid consumer account devices, though the carrier said that it is offering similar options for prepaid and business accounts, including the option for organization administrators to block individual user accounts and devices.The carrier said that the move is part of a larger effort to help its customers take control of their identity information. By making it harder for bad actors to fraudulently register devices, the hope is that it will thwart identity heists and account thefts.“Overall, being able to access accounts online has dramatically improved the way we conduct our personal business,” AT&T said.“Security is a challenge that comes with it. Many smart people are working on a ‘password-less’ future for even better convenience and safety.”
“It prevents anyone from buying a device on the account, for example, or conducting a SIM swap – moving a phone number to a SIM in a different device.”The feature is activated and deactivated via the myAT&T mobile app and device owners have the ability to toggle the feature off should they purchase a new device.The idea, according to AT&T, is to thwart attempts at SIM-swapping attacks. In such cases, threat actors will purchase a device and attempt to dupe company employees into tethering the newly bought handset with the target’s phone number.In addition to stealing the victim’s mobile account, SIM-swapping attacks can lead to much larger identity theft attacks as the compromised phones can then be abused to thwart two-factor authentication on things such as bank and email accounts.“If you are trying to keep any type of online account safe, here is a key point: Most attacks happen when someone is pretending to be you,” AT&T said in introducing the new feature.“Criminals put a lot of energy into getting your username and password. They send fraudulent emails and text messages asking you for it. They buy ads on search engines that look like links to real webpages – then ask for your password on a fake site.”According to AT&T the feature is currently limited to postpaid consumer account devices, though the carrier said that it is offering similar options for prepaid and business accounts, including the option for organization administrators to block individual user accounts and devices.The carrier said that the move is part of a larger effort to help its customers take control of their identity information. By making it harder for bad actors to fraudulently register devices, the hope is that it will thwart identity heists and account thefts.“Overall, being able to access accounts online has dramatically improved the way we conduct our personal business,” AT&T said.“Security is a challenge that comes with it. Many smart people are working on a ‘password-less’ future for even better convenience and safety.”
