According to AntiSocial Engineer, a social engineering consultancy, a knowledgeable cyber criminal may be able to remotely take over a mobile phone and access the owner’s bank account information by using the mobile’s Porting Authorisation Code (PAC), which is comprised of three letters and six numbers.
However, in order to get the mobile’s PAC, the criminal needs to gather several pieces of personal information about the owner of the phone—his or her name, date of birth and his or her mobile number. Then, with this information, the criminal can contact the mobile phone provider and request the mobile phone’s PAC.
Yet, the success of this scheme is largely dependent upon the mobile phone provider’s operator and whether the criminal can convince him or her to provide the mobile’s PAC. If you would like an extra layer of protection for your mobile phone, contact your mobile phone provider and request additional security measures—such as a PIN or password to be used when calling support agents.