Re: [tlug] OT: Does sim-jacking happen in Japan?

[Joe Larabell <joe@example.com>]

On Tue, Mar 15, 2022 at 4:53 PM Benjamin Kowarsch <trijezdci@example.com> wrote:

Japan does have MNP (mobile number portability) and the process to transfer a number is standardised across all service providers.

That's not the most common implementation of this scam... at least in the US (I've never heard either way whether it happens here). The more common version is someone calling a provider or going into the shop and claiming to have lost their SIM card. The provider cuts another SIM card and activates it on the existing account -- no MNP, no changing of providers (which, as you say, would involve a lot of Know-Your-Customer double-checks). An unwary DoCoMo employee cutting a replacement SIM for a customer without checking ID would be enough since the bad guy would put the new SIM in a burner phone and instantly have access to your phone number and email.

One way to put an additional hurdle in place, assuming the 2FA uses an email address, is to use an address that is not associated with your phone. Then getting access to your phone account through a SIM-jacking would still leave them locked out of the real email account that you use for 2FA... the downside being that it might be easier to crack your email account than jack your SIM ;-).

--

Joe Larabell (joe@example.com)

Replies to this address are processed by Google servers so it might be prudent to refrain from discussing anything you wouldn't be willing to write on the back of a postcard.