On Wed, May 27, 2015 at 8:42 AM, Joel Maslak <jmaslak@antelope.net> wrote:
I also suspect not every telco validates number porting requests against social engineering properly.
What national wireless provider _does_ validate porting requests against social engineering? As far as I knew, as soon as the gaining provider receives the filled out online form or written form, with the billing address, Or copy of a bill from the old provider printed off from the losing provider's web portal signed off with a forged signature from the scammer (All information that can be derived through pre-texting or social engineering), The gaining wireless carrier can proceed, and will proceed with a simple port without having to call the number for approval. The sufficiently evil scammer will have the wireless number ported to their pre-paid cell phone within 48 hours, and be ready to receive insecure SMS message from the target's online banking service to confirm the second factor for login. -- -JH