Royce WilliamsJul 1
BrianKrebs

AT&T widely launched its Wireless Account Lock feature Tuesday, aiming to strengthen customer protection against account takeovers and SIM-swapping attacks, Cyberscoop writes.

"The Wireless Account Lock, which had been rolling out in waves since earlier this year, is widely accessible for both individual and business customers. The feature follows similar options from competitors such as T-Mobile, Verizon, and Google Fi, which have already moved to bolster protections against SIM swapping and similar attacks."

"The feature is accessed exclusively via the company’s app on a device tied to the account. If the registered device is inaccessible or lost, users must undergo extra authentication steps via AT&T’s customer support to regain or restore control."

https://cyberscoop.com/att-wireless-account-lock-sim-swapping-protection/

AT&T deploys new account lock feature to counter SIM swapping

AT&T has launched a feature to help prevent SIM swapping and unauthorized account changes, offering added security for both individual and business wireless customers.

CyberScoop
Jul 1 at 11:03pmWeb
Show threadDan GillmorJul 1
@briankrebs Isn't it in the "extra authentication" where mobile carriers hand accounts over to fraudsters in the first place? How will this differ?
Show threadBrianKrebsJul 1
@dangillmor In one-off cases, sure. But not really at scale. The most damages I've seen have come from organized rings of young crooks who are phishing mobile phone company employees 24/7, and then try to use the stolen credentials to SIM-swap on demand until the credentials are nixed.
Show threadDan GillmorJul 1
@briankrebs Ah I didn't realize that was the more common method.
Show threadCyber DudeJul 1
T-Mobile has this feature, too. They call it SIM Protection.
Show threadKineneJul 1
@briankrebs I assume this means on carrier-locked devices.
Show threadfogelnetJul 1

@c_merriweather @briankrebs

My devices are not carrier locked and I just enabled it.

Show threadideaPDishJul 2

@briankrebs

ouch.... I'm getting to the complexity, where I have certain accounts that I'm in and out of every day, and others that use apps to login, and rarely use their credentials.

When those companies need another authentication say when app upgrades, I don't necessarily remember the credentials or the questions to reauthenticate, or the non-standard answers to those questions.

Then when I actually get to the reset, I can't re-up an old of former passward because systems don't like that. It's all brittle.

So, ooof.