One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes. But it was out of cell service. I couldn’t make calls or texts.
That, though, turned out to be the least of my problems.
Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unfamiliar Discover Bank account.
I thwarted that transfer and reported the cell phone issues, but my nightmare was just starting. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.
I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It’s a less-common form of identity theft. New federal regulations aimed at preventing port-out hijacking are under review, but it’s not clear how far they will go in stopping the crime.
I was pretty annoyed when a couple apps forced me to start using an authenticator, but I’m glad for it now.
I joined the pro-OTP club when I found open source alternatives to Google, Microsoft Authenticator and Authy (which Twilio would later ruin). Before I didn’t like it.
Pretty much all the sites I use offer authenticator apps or passkeys/security keys. But my bank only offers SMS and sets a limit on password length.