FCC unveils its methods to stop SIM swapping scams and robocalls

News
By published

The FCC is taking the fight to scammers

Shutterstock
(Image credit: Shutterstock / ImYanis)

The Federal Communications Commission (FCC) has laid out its plans to stop both SIM swapping attacks and robocalls in an effort to protect US smartphone users from fraud and identity theft.

For those unfamiliar, SIM swapping is a technique used by an attacker in which they convince a mobile carrier to transfer a victim's phone number from their SIM card to one they own and control. Once in control of a victim's number, the attacker can receive two factor authentication (2FA) messages to take over their online accounts.

The FCC's Notice of Proposed Rulemaking puts forward a number of ways to address SIM swapping  such as amending the Customer Proprietary Network Information (CPNI) and Local Number Portability rules so that mobile carriers would have to authenticate that a customer really is who they say the are before redirecting their phone number to a new SIM card or device. At the same time, the notice proposes requiring mobile carriers to immediately notify customers whenever a SIM change or port request is made on their accounts.

In addition to SIM swapping, these new changes will also address port-out fraud which occurs when an attacker poses as a victim and opens an account with another carrier in their name. They then arrange for the victim's phone number to be transferred or “ported out” to the account with the new mobile carrier which they control.

Robocall Mitigation Database

In order to combat robocalls, the FCC set a deadline for June, 20 of this year for large mobile carriers to implement the STIR/SHAKEN protocols while smaller mobile carriers have been given an extension to do so until June of 2023. As part of these efforts, mobile carriers were required to certify that they have implemented STIR/SHAKEN though they also had to submit a detailed robocall mitigation plan with the FCC. 

Beginning today though, if a mobile carrier's certification and other required information is not in the FCC's Robocall Mitigation Database, other mobile carriers and intermediate providers will be prohibited from directly accepting that providers traffic. This means that if a mobile carrier hasn't submitted the necessary paperwork, other carriers won't be able to send calls from its network to their customers.

The deadline seems to be working though as 4,798 companies have filed in the Robocall Mitigation Database and all of the largest mobile carriers in the US have certified their implementation of the SHIR/SHAKEN protocols.

Acting FCC Chair Jessica Rosenworcel provided further details on how the government agency is fighting robocalls in a press release, saying:

“The FCC is using every tool we can to combat malicious robocalls and spoofing – from substantial fines on bad actors to policy changes to technical innovations like STIR/SHAKEN. Today’s deadline establishes a very powerful tool for blocking unlawful robocalls. We will continue to do everything in our power to protect consumers against scammers who flood our homes and businesses with spoofed robocalls.”

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
China
US Government officials urged to lock down devices amid telecoms breach
mobile phone
Forget phishing, now "mishing" is the new security threat to worry about
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
RCS encryption is still months away following major US telecomms breach
An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
ID theft – what happens when someone steals your identity
Representational image of a shrouded hacker.
Getting to grips with Adversary-in-the-Middle threats
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
iRobot Roomba Vac Robot Vacuum Q0120 with iRobot app displayed on green background with TechRadar don't miss sign

This cheap entry-level Roomba robot vacuum is now almost 50% off at Amazon
See more latest
Most Popular
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Hasselblad X2D 100C camera in user's hand, their blue jacket in background
My dream Hasselblad camera is getting a sequel soon, according to new leaks – here are 5 upgrades I’m hoping for
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies' security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know
Sony UBP-X700/K shown from the front
Sony launches new version of the best cheap 4K Blu-ray player that drops the streaming tech – but the price looks odd