What Is a SIM Swap Attack?
A SIM swap attack, also known as a SIM intercept attack, is a form of identity theft in which an attacker convinces a cell phone carrier to switch a victim’s phone number to a new device in order to gain access to bank accounts, credit card numbers and other sensitive information. SIM swap attacks are relatively new and are becoming more common because of the growing dependence on cell phone-based authentication methods.
Cell phone SIM cards store information about their user and communicate with the Global System for Mobile Communications (GSM) network. Without a SIM card, devices cannot be registered to an account, network or subscription. Compromising the SIM introduces a type of attack that does not affect the programming of the device at all, but rather disables it remotely without the victim’s knowledge.
The first step in a SIM swap attack is for the hacker to phish for as much information about the victim as possible. Through fraudulent emails, phone calls or social media accounts, hackers trick victims into revealing personal information such as legal names, birthdates, phone numbers and addresses that may be tied to account security.
After the attacker has collected enough information to fake the victim’s identity, they call the cell phone provider, claim that the original SIM card has been compromised, and ask to activate a new one in their possession on the same account. Using the personal data previously collected, attackers can usually answer security questions without raising alarm and complete the transaction.
Once this is complete, the attacker has access to all of the victim’s text messages, phone calls and accounts that may be linked to the phone number. Since a large number of banking, email and social media accounts can be retrieved or reset with mobile authentication, SIM swap attacks leave massive amounts of information vulnerable. If not caught early on, the attacker could potentially open new bank accounts to transfer funds in the victim’s name or lock the victim out of all accounts.
How Does a SIM Card Work?
Do you remember when you purchased your last phone? You might’ve noticed that one of your carrier’s representatives swapped your SIM card from your old phone to your new one.
Believe it or not, that tiny chip in your phone stores all of your essential account information. When its 20-digit ICCID number falls into the hands of a skilled criminal, you’re in trouble.
How to Identify a SIM Swap Attack
The telltale sign of a SIM swap attack is that a device suddenly stops sending or receiving text messages and calls. Once the attacker has successfully redirected a phone number, the victim’s device practically loses its communication capabilities.
Cell phone users can also contact the provider to ask whether a SIM activation has been requested. Certain mobile carriers will also send an email confirmation of the SIM swap to verify that the account holder made the request.
How to Protect Yourself Against a SIM Swap Attack
While there’s not much you can do once a hacker gets hold of your SIM card information, there are still methods you can use to prevent it from happening. Here are some of the most effective ways to halt hackers:
1. Change Your 2FA Method
Receiving your 2FA through text messages is convenient and all, but it can only make your situation worse when you’re a victim of SIM card swapping.
Opting to use an authenticator app like Authy or Google Authenticator associates your OTP with your actual phone, rather than your phone number. Simply connect the app to your most important accounts and you’ll receive your security codes through the app instead.
2. Separate Your Phone Number From Your Accounts
Have you ever used your phone as a way to change your password? When hackers steal your SIM card data, they can too.
Once hackers have locked you out of your own accounts, they’ll gather as much information as they can. Criminals won’t hesitate to take money out of your bank account, or even worse, sell your personal information on the dark web.
Deleting your phone number from your most important online accounts can save you the headache of worrying about a SIM card swap. If you’re required to have a phone number associated with your account, get a VoIP number with Google Voice instead.
To delete your phone number from Google, sign in to the Google Account page and head to the Personal Info section. If you see your phone number, make sure to delete it.
In the Security section, scroll down, and remove your phone number from the “Ways we can verify it’s you” option.
For Amazon, click Your Account, and then navigate to Login & Security. Erase your phone number or add a VoIP number from there.
You can also erase your phone number from PayPal by clicking the gear icon in the corner of the web page. Under the Phone section, choose to change your number.
You should also erase your phone number on major social media sites, online retailers, and especially your online banking account.
3. Set Up a PIN with Your Mobile Carrier
Adding a PIN to your account makes it harder for a hacker to gain access to it. A SIM swapper will have to provide your secret PIN or passcode when trying to make changes to your account, and that’s why it’s so important to have one.
Fortunately, you can add a PIN to your account by visiting your carrier’s website.
If you’re a customer at Verizon, you’re required to have a PIN. To edit or add a PIN to your account, sign in to your account on Verizon’s PIN management page. After you determine your PIN, re-type it, then hit Submit.
To create a PIN on T-Mobile, sign in to your My T-Mobile account. You’ll have to pick a verification method and hit Select. Once this is complete, enter your PIN code, and click Next to confirm.
With AT&T, you can add a passcode to your account by signing in, and going to your Profile. Under Wireless passcode, hit Manage extra security. Clicking the checkbox will require you to provide a passcode when making major changes.
You can add a PIN from the Sprint website by signing in to your account, and selecting My Sprint. Click Profile and security. Then locate the Security information section. Simply add or edit your PIN, and hit Save.
4. Beware of Phishing Scams
You should always delete sketchy emails that ask for your personal information. Banks and other institutions will never request confidential information via email. These types of emails are always a result of a hacker trying to steal your information.
5. Use Encrypted Messaging
SMS doesn’t support encryption, which means that hackers can easily spy on your messages and steal your 2FA codes. Using an encrypted messaging app such as iMessage, Signal, or WhatsApp can keep nosy hackers from reading your messages.
Are You a Victim of SIM Swapping?
Many victims don’t realize they’ve been SIM swapped until it’s too late. The biggest warning sign of the fraud is a loss of cell reception.
Some banks and mobile carriers have security measures that prevent SIM card swapping from happening in the first place. Your carrier may let you know if your SIM card has been re-issued, while banks will usually send you an alert if they detect unusual activity on your account.
Having your mobile number attached to your accounts makes signing in simple. However, you can’t always count on your phone number staying safe forever. SIM card swapping poses too much of a threat to guarantee your privacy.
Be on the lookout for phishing emails, as answering those malicious inquiries can make a hacker’s job easy. If you don’t know what a phishing email looks like, you can read our previous articles.