Imagine you’re sitting at the dinner table, and suddenly your phone comes alive with alert after alert. You can see the transactions flowing in and your account balance draining away, but you can’t do anything about it. You try to call for help, but the line does not connect; texting isn’t an option either.
You’ve become the latest victim of a SIM (Subscriber Identity Module) swap attack, and you’re trapped – it’s a horrible experience. Read on to find out what SIM swapping is and what you can do to prevent it from happening to you.
What is a SIM card swap and how does it work?
SIM swapping, also known as SIM hacking, is a fraudulent way to gain access to someone’s phone number. It happens when a criminal convinces your mobile service provider to transfer your phone number to a different SIM, usually in their possession. If they succeed, you are automatically at a disadvantage.
Here’s why. Scammers can swap your SIM card from their homes, provided they have your personal data. You, on the other hand, will find your line disconnected after a full swap, and you can only get it back after you visit the carrier in person and prove that you are the owner of the account.
Interestingly, the hacker does not even need any advanced technical knowledge – it is enough to have a SIM card and make a phone call to your provider. Of course, they have to provide some personal information, but it is very easy to obtain these days through social media accounts and even data exposed in large-scale breaches. Using this information, cybercriminals can trick mobile service personnel into transferring the number associated with your SIM card to a SIM in their possession.
What can scammers get from swapping your SIM card?
In short: Access.
Your SIM is a gateway to many essential services. You use it to receive calls and text messages, and it’s likely associated with your bank, email, and social media accounts for two-factor authentication (2FA) requests. With all this information at their fingertips, scammers can log into and empty these accounts, as well as gain access to your contacts. This makes it easy for them to deceive friends and family.
Two-factor authentication (2FA) is designed to increase security on the Internet. Rather than simply logging into online accounts with a password, 2FA requires entering a time-limited code before full access is granted. It is widely used for the extra security it provides, as malicious parties have to take control of both your password and your phone to infiltrate your accounts.
Unfortunately, the strength of the system is also part of its weakness. Authentication codes are usually sent via emails, mobile numbers, and authentication apps, which means that access depends on whoever holds your SIM card or phone. This is in contrast to a fingerprint or face ID, which requires your physical presence. Cybercriminals know this and try to take advantage of this vulnerability when they get to your mobile phone.
Government agencies and carriers are trying to combat SIM swapping. The FCC announced late last year that it was drafting rules to combat SIM swapping and port fraud. Meanwhile, T-Mobile has already implemented some internal protocols to improve the system – changing the SIM card will now require SMS verification or approval from two carrier employees rather than a single manager alone. It’s not foolproof, but it is a step in the right direction.
What are the signs of SIM swap fraud?
During a SIM swap, the sooner you can reverse changes to your accounts, the better. If you notice any of the following warning signs, contact your cell phone service provider immediately; you may be under attack.
- You are locked out of your phone’s Internet account.
- Your phone loses service, or you cannot receive calls or texts even with good reception.
- You receive phone service notifications for actions you haven’t taken.
How to prevent SIM swapping
The cost of swapping a SIM can be disastrous. Your best bet is to take precautions to avoid becoming a victim in the first place. Here are some steps you can take to stay safe.
1. Protect your phone and SIM card
Most phones ship with some form of protection, including PINs, passwords, patterns, fingerprint scanning, and facial recognition. The latter two are very common in modern devices, so enable them to add another layer of security.
Aside from your phone, you should also protect your regular SIM card. You can lock it with a numerical PIN that you must enter every time you restart your device. Your Android or iPhone should allow you to create a PIN in Settings. Just make sure not to use your birthday or the birthday of someone important to you.
2. Lock your phone number with your service provider
Many network service providers offer Port Freeze or Number Lock to protect your mobile number from unauthorized transfer. Once activated, your number cannot be transferred to another line or carrier unless you remove the lock, either with a PIN or by walking into the store. If your carrier allows this feature, this is an excellent way to enhance the protection of your SIM card.
3. Use strong passwords and security questions
If you’re still using your birthday or middle name as a password, it’s time to stop. You need to create a strong password that’s nearly impossible to guess – something at least 12 characters long, including different letter cases, numbers or special symbols. It is also a good practice to use different passwords for different accounts so that breaching one does not become a breach for all.
But how do you remember so many passwords? You don’t. Instead, take advantage of password managers to store them. Aside from strengthening your passwords, you should also try to choose security questions whose answers even your close acquaintances might find difficult to guess.
4. Turn on two-factor authentication
Two-factor authentication (2FA) is another way to quickly add an extra layer of security to your accounts. Sign in to platforms that enable two-factor authentication (2FA), such as Google, turn them on, and that’s it. You can even make it more secure by eliminating the risks associated with SMS-based authentications. Use 2FA apps like Google Authenticator or Authy whenever possible.
5. Enable biometric authentication on your device
Passwords, PINs, and 2FAs are great. But Face ID and Touch ID offer a level of protection beyond that simply because they require your physical presence to operate.
Whenever possible, use mobile apps and services that support two-factor biometrics. This way, even if thieves get their hands on your phone number, they won’t be able to get past the biometric barrier.
6. Limit how much personal information you share online
Scammers can take advantage of even the smallest details to convince your carrier that they are you. So avoid posting your full name, address, phone number and date of birth on public platforms. Also, resist the urge to over-share your personal life details like your pet’s name, best friend’s location, favorite food, etc., on social media. You may have included them in some of your online security questions to verify your identity.
7. Be wary of phishing emails, texts and calls
Phishing is as old as the internet. It is a social engineering attack often used to steal login credentials, credit card numbers and other user data. Phishing usually involves criminals trying to impersonate reputable organizations, such as banks, government organizations, and health offices, assuming that you won’t hesitate to answer their questions or check their emails because you trust these organizations.
However, note that your bank, government, or any reputable health office will never ask you for your personal information online. If you receive such calls or messages, close or delete them even if they seem legitimate. You can always contact the agency directly to confirm whether the request is genuine.
Jot down these seven tips and try to implement as many as possible to reduce the chances of your SIM being swapped. Do you have any tips to share in the comments?