In the fast-moving world of cybercrime it seems there is always a new scheme with new jargon to keep up with. The latest these days is a scheme called “SIM Swapping”. The idea is simple once you keep one thing in mind: with two-factor authentication gaining popularity, it’s now harder to hack accounts with a password alone. Hackers need a mobile device to get an authentication code in order to break into accounts. Seems almost impossible, right? Well, there are some devious minds out there; enter SIM Swapping.
So, What Is SIM Swapping?
SIM Swapping is one piece of a larger hacking puzzle. The attackers will likely already have other pieces of data on you: your email and password, address, and other information that can often be purchased on the dark web.
SIM Swappers will “dupe” or trick an employee of a mobile phone store to swap or port your personal telephone number over to a device that the hackers control. Because they have sensitive pieces of your information this is sometimes easy to do. They can answer sensitive “security” questions that the mobile agency might ask, and a confident criminal can often impersonate someone quite convincingly. These phone store employees are often unwitting accomplices to these cyber crimes, unfortunately.
Another way that SIM swappers can gain access to your phone number is through a “plug”, an employee who is a member of a SIM swapping crime ring who is often paid for their services.
SIM Swapping is a dangerous game; recently a Florida teenager who was serving as an apprentice in a cybercriminal group was held at gunpoint for a $200,000 payment from a rival cybercriminal group. The video of the attack was circulating widely on Telegram hacking channels and shows a dark side to this “nerdy” crime.
The Florida teen is now cooperating with the FBI, and word spread fast on the online channels to delete any trace of messages with the teenager, known only by his handle “Foreshadow”.
How can you keep yourself safe from SIM swapping?
Ensure you use two-factor authentication (2FA) on ALL your devices. Instead of using a mobile number as your second form of authentication, try using an authenticator app such as Authenticator, Google Authenticator, or LastPass’s authenticator. These are much, much harder for criminals to crack or obtain access to. However, they are harder to recover if lost, so ensure that you keep your backup codes in a secure location.
If your phone suddenly stops connecting to a network, you may have been SIM Swapped. Call your banks immediately and freeze all payments.
Watch out for suspicious phishing attempts that can gain access to your sensitive personal data by tricking you into giving it up. Phishing attempts include “fake” emails from banks and phone companies, and other attempts to fool you into thinking a correspondence is real.
Use a secure, encrypted password manager such as LastPass or True Key in order to save your passwords – and remember to set up two-factor authentication for this app as well!
If you’re extra nervous, you can also set up an identity protection service that can act as a backup and cushion in the event that all of your careful preparations don’t work.