Google Fi's 'Number Lock' adds protection against SIM swaps - here's how to enable it
SIM swapping is an infamous type of scam in which a cybercriminal takes over your mobile phone account to port your number to another phone or carrier. Now, Google Fi is offering its customers an extra level of protection to guard against such account takeovers.
Describing its Number Lock feature in a new support page spotted by 9to5Google, Google calls it an additional layer of protection against illegal SIM swaps that the company offers to Google Fi customers at no extra cost. With Number Lock enabled, no one can transfer your number to another phone or port it to another carrier.
Also: Multi-factor authentication: How to enable 2FA and boost your security
To enable Number Lock, sign in to your account on the Google Fi website, go to "Phone settings," and select "Privacy & security." Under the setting for "Number lock," select the option for "Sign in to manage Number lock." Enter your username and password again, and then turn on the switch for "Number lock." To disable it, simply follow the same steps and turn the "Number lock" switch back to Off.
SIM swapping has become a popular tactic used by scammers. As described on another Google support page:
"SIM swapping happens when someone is able to steal your phone number by convincing your carrier to port your phone number over to a SIM card they own. For example, someone may call your carrier, pretend to be you, and convince your carrier that you have lost your phone and need to move your number to a new phone."
To protect a Google Fi account or any mobile account from SIM swapping, your best bet is to set up two-factor authentication so scammers can't access your account without that second form of verification. Keep in mind that the type of 2FA you choose makes a big difference.
The least secure method is standard SMS authentication, in which a text message is sent to your mobile phone with a code that you must confirm. For example, if you need to sign in to the Google Fi app or website, you'll be prompted to accept a security request on your phone.
The problem with an SMS message is that cybercriminals can intercept or otherwise capture that text, thereby stealing the code and pretending to be you. Some criminals can go even further. In one series of cases, scammers offered money to former employees at T-Mobile and Verizon to help them pull off SIM swaps.
The more secure and preferred authentication methods are authenticator apps and physical security keys. For the former, apps like Google Authenticator or Microsoft Authenticator display a code number that changes every 30 seconds, which you must enter or verify to sign in. For the latter, a security key is even more secure, as it requires physical access to allow you to sign in to a supported account.
Also: Microsoft's latest Windows 11 security features aim to make it 'more secure out of the box'
The US FCC has been pushing wireless carriers to better protect their customers against SIM swaps and port-out fraud. Based on new FCC rules issued last November, carriers must offer secure methods to authenticate a user before redirecting their phone number to a new device or provider. Furthermore, carriers must notify customers immediately whenever a SIM change or port-out request is made on their accounts.