
Mobile phones are an integral part of our modern lives. We rely on them to keep in touch, stay informed and organise our busy schedules. As the reliance on mobile phones has increased, however, cases of phone porting have also risen. Between 2018 and 2019, IDCARE estimate that phone porting cost Australians over $5.4 million.

What is mobile phone porting?

Mobile phone porting is when your mobile phone number is ported (transferred) to a new telecommunications provider (‘telco’) without your permission.

How do criminals use phone porting?

  • Criminals may try to take control of your phone number by porting it to a new provider.
  • They’ll then be able to receive SMS authentication codes sent by your bank and other service providers.
  • This allows them to authorise online banking transfers or change account details without your knowledge.
  • Criminals can also use phone porting to gain control of email accounts, superannuation or government accounts, so they can access more personal information or transfer funds.

How does phone porting happen?

Depending on the telco provider or mobile phone carrier, a phone number port can often be initiated with just the owner’s name, mobile number and date of birth.

These details are often easy to find on social media accounts. Phishing sites pretending to be legitimate companies may also ask you for them. Criminals can also access this personal information by stealing mail out of letter boxes or rubbish bins.

The dangers of phone porting – a case study

During the work day, Sarah*, 31, a mother of two, received a text message from her telco requesting her consent to port her mobile number to a different provider. In the middle of a meeting, Sarah responded to the message and approved the request, as she thought it was related to the fact she was moving house.

However, she hadn’t requested to change mobile phone providers, and just six minutes later, she received another text confirming her phone had been successfully ported.

Shortly after, her phone switched to ‘SOS mode’ with no service, meaning she couldn’t use it.

What happened?

Sarah says, “I was confused, I had to call my phone provider on a landline. While I was on hold, I could see my laptop screen. I received an email saying that my password for one of my loyalty programs had been changed, which wasn’t me.”

Shortly after, Sarah saw another email saying that someone had purchased $870 worth of iTunes vouchers using her points. “The emails kept coming and I felt helpless,” she recalls.

After identifying herself to her telco, Sarah had to convince them that she hadn’t requested her number to be ported. Her telco agreed to block the number, which prevented the criminals from using it to access any more of her accounts.

A phishing scam

With the help of her bank, Sarah pieced together that she had been the victim of phishing.

She remembers receiving an email she thought was from the Australian Tax Office (ATO) asking her to verify some information to process a tax refund. Sarah had clicked on a link in the email and was taken to a fake ATO website, where she was prompted to provide personal and banking information. Excited by the idea of a tax refund, she gave them her full name, date of birth, phone number, banking username and password.

The damage

Once the criminals had this information, they contacted Sarah’s phone provider and successfully ported her mobile phone number into their control. They logged into her online banking account and were able to receive the SMS code sent by the bank to authorise a transfer of $15,000. However, the transfer was unsuccessful as the bank stopped it due to unusual activity.

The fraudsters were also able to steal $870 worth of iTunes vouchers bought with Sarah’s points from a loyalty program, and attempted unsuccessfully to access her email account. This event caused Sarah an untold amount of stress and anxiety.

Sarah spent days changing passwords for all her accounts and re-verifying her identification with service providers. Most importantly, she placed a PIN on the account she held with her telecommunications provider to prevent this from happening again.

*Name has been changed for privacy reasons.

How to protect yourself against phone porting

Signs to look out for

  • Unexpected text messages from your mobile service provider advising that “you” have requested your number be ported to a different network provider. This could indicate a criminal is trying to port your phone.
  • Your mobile phone service is suddenly disconnected, and may show “SOS only” where the carrier name usually appears on the screen. This could be a warning sign that your phone has been transferred to another provider without your authorisation.

What to do if you think your phone has been ported

  • If your phone service doesn’t return in a short period, contact your mobile provider immediately to confirm why.
  • If your mobile has been transferred to another provider without your permission, call us on 1300 651 656.

Tips to prevent phone porting

  • Contact your mobile service provider and request a PIN be placed on your account.
  • Remove or hide personal information such as your date of birth, address and mobile number from social media accounts.
  • Create strong and unique passwords for all your accounts. Consider using a password manager tool to securely store your passwords. For more information on how to create stronger passwords, visit using safe passwords.
  • Be on the lookout for suspicious emails, text messages and calls requesting personal and banking information. We will never ask you to confirm, update or disclose personal or banking information via a link in an email or text message. To learn more, visit how to identify spam and phishing messages.
  • Report suspicious messages to phish@nab.com.au and then delete them, without clicking on any links or attachments.
  • Access the NAB website by typing nab.com.au into your browser, rather than clicking on links or attachments.
  • Turn on two-factor authentication for your NAB accounts, and ask your mobile provider if you can do the same for your mobile phone account. This means another piece of information (such as a password, or code sent to you via SMS) is required before certain actions can be taken.
  • Ensure you have a locked padlock on your letterbox, and shred any documents such as bank statements before disposing of them.
  • Stay up to date with the latest security alerts and learn how to stay safe online on our security homepage.
