New Zealanders who want to keep their mobile phone number when switching providers – known as number porting – will now receive an authentication message through SMS to help prevent fraud.
Number porting fraud has been relatively rare in Aotearoa, with government cybersecurity agency CERT NZ saying less than 10 Kiwis had been hit by the scam before March last year. But because it can give hackers access to so much of the victim’s online life, the impact can be devastating with the average loss worth around USD 20,000.
Once a fraudster has access to the victim’s mobile phone number, they then can take advantage of the two-factor authentication used by online banks to authenticate logins and large money transfers. Now, with the new SMS authentication system, it will alert the user if their mobile provider has received a request to port their phone number and it will highlight that they should contact their mobile provider and bank immediately if they did not request it.
Number porting was put in place in 2007 to make it easy for consumers to retain their existing phone number when changing mobile providers, said the NZ Telecommunications Forum Communications Director. However, as the industry became concerned recently about the potential for fraudsters to exploit the Number Porting process, these new security measures will add another layer of protection for customers.
A more advanced SMS solution, which will require customers to reply to an SMS confirming they want to port their number, is under development and is expected to be rolled out in October 2021.
As reported by OpenGov Asia, the number of cybersecurity attacks being reported in New Zealand is on the rise. The data comes from CERT NZ’s annual summary for 2020, which has been released recently. It showed the agency received nearly 8,000 reports of cybersecurity incidents last year, a 65% increase from the year before.
According to the agency, they are developing a much richer understanding of the types of threats and issues that are affecting New Zealanders, and New Zealand businesses. Phishing and credential harvesting (where an attacker collects personal data) were the most reported form of attacks and were up 76% in 2019. Behind those were scams and fraud reports, which are up by 11%.
According to experts, there are simple things every citizen can do to try and ensure their safety online. The advice nowadays is to make sure that passwords are unique and long. Users can do that easily by looking around the room and naming four random objects they see – a “really good way” of making a unique password. While forgetting passwords is a reason people reuse the same ones again, uniqueness is important so that if you lose a password someone cannot access more of your online accounts.
Another way is two-step or two-factor authentication, which involves a second step to logging in, like an SMS message with a unique code or approving the log in via a third-party app. Experts say that this is beneficial because if a user gets phished (if they accidentally give out their password), someone else needs a second step to access the account.
Phishing is where the attacker sends a fake message designed to trick the victim into revealing sensitive information, like passwords. Even cyber specialists benefit from that added layer of security.
Another would be automatic backups; users must make sure that their phones and other devices are backed up to places like Google Drive or Microsoft OneDrive.
Alternatively, citizens like Kiwis in New Zealand can call government organisations like CERT NZ, which supports businesses, organisations and individuals affected by cybersecurity incidents.