Have you heard of “SIM-swapping”? It’s a new term that seems to be striking fear into the hearts of smartphone users (and who isn’t a smartphone user?).
What is a SIM-swap? A cybercriminal can steal your personal data, including your phone number. The cybercriminal will contact a phone carrier, pretend to be you and claim he lost “his” phone. The individual will convince the carrier to give him a new phone and a new SIM card. Once he gets this, he will disconnect your “old” number, transfer the apps to “his” new phone and voilà: you are without a phone and the cybercriminal now has access to your personal data.
MFE Waregeeks has written in the past about the importance of two-factor authentication (2FA). One of the ways to authenticate accounts is by having a text sent to your smartphone. If you have that security measure in place and your SIM gets swapped, the cybercriminal will now have access to those codes and could potentially infiltrate more of your personal, private data.
How will you know if you’ve been SIM-swapped?
It’s difficult, because by the time you go to use your phone and realize it is “dead,” the cybercriminal has already done the damage. You will be spending time trying to figure out why your phone isn’t working. You will call your phone carrier to have them help determine the issue. While you’re doing this, the hacker is making his way through your files, bank accounts, and whatever other private data your phone holds.
By the time you have determined your SIM has been swapped, your passwords will have been changed and you will have no access to your own accounts. You’re left in a quandary, trying to gain access to your own information; it’s a nightmare. It’s estimated that more than 3,000 individuals have been hit by a SIM-swapping attack. Some individuals report having been blackmailed or having their identities stolen or their information held for ransom.
How can you protect yourself and your personal information?
- Create a PIN (personal identification number) with your phone carrier. Choose a PIN and password that are not easy to crack. Some phone carriers require a PIN when you set up your phone service. They may also require, or offer the option of, using a secret question.
- Notify your phone carrier if you believe your SIM has been compromised. Remember, you will need to act fast if you believe you’re the victim of a cybercriminal SIM-swap.
- Immediately log out of all of your accounts.
- Use a two-factor authentication app. If your 2FA relies only on a text being sent to your phone, it will be difficult for you to recover. If you’re a Gmail user, that service offers free 2FA protection. Sign up for its in-house authenticator app; the app will replace the need for your phone number and generate a one-time use code for your log-ins. Remember: if your phone is compromised you will still have difficulty getting into your account, but this Google authenticator is, at this point, one of the most ironclad ways to protect yourself from a SIM-swap attack.
A SIM-swap attack, so far, appears to be targeting “big money” individuals and has also targeted those individuals who are dealing in cryptocurrency. This doesn’t mean you don’t want to put measures in place to protect yourself, but when it comes down to cyberattacks, this is probably not as big a threat as a phishing scam or a ransomware attack on your business.
I run an IT & Cyber Security Consultancy focusing on Business Continuity/Disaster Recovery (BCDR). We work with professionals in many fields, including legal and medical. If you have security, business continuity or cybersecurity questions, let me know. I am also filling up my calendar with guests on my Security Disciple Podcast. If you’d like to be a guest, please DM me @waregeeks, call (877) 653-7146, or email me at email@example.com. www.waregeeks.com