Ways / Means
Sick / Visiting
News - All - 20 Jan 2020
News Item 14 of 4671
Miscellaneous: 20 Jan 2020
SIM swapping is a serious trend you should know about.
Phone number theft is something most don't think is even possible, but it's all too easy for hackers to do, giving them the keys to take over your online accounts.
A recently published study showed just how easy it is for hackers and fraudsters to take control of your phone number, potentially leading to thousands of dollars in fraud -- that's your money on the line. The practice of SIM swapping is becoming more common, and despite carriers putting safeguards in place, it's scary how quickly the researchers were able to take over a phone number.
The SIM card inside your phone is a small plastic chip that tells your device which cellular network to connect to, and which phone number to use. We rarely ever think about SIM cards, except maybe when we get a new phone.
But here's the problem -- hackers know that SIM cards are a fairly easy access point when it comes to taking over someone's phone number, and in turn, gain access to their online accounts.
SIM cards seem so minor, don't they?
SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.
They do this by using data that's often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employ into switching the SIM card linked to your phone number, and replace it with a SIM card in their possession.
Once your phone number is assigned to a new card, all of your incoming calls and text messages will be routed to whatever phone the new SIM card is in.
At first glance, it seems somewhat harmless. But when you consider that most of us have our phone numbers linked to our bank, email and social media accounts, you quickly begin to see how easy it would be for someone with access to your phone number can take over your entire online presence.
Watch this: Time to delete your (unused) apps
Matthew Miller, a contributor to CNET sister site, ZDNet, fell victim to a SIM swap scam last year, and he's still experiencing the repercussions of the fallout. Whoever took over Miller's phone number gained access to his Gmail account, and promptly changed his password, then erased every email, deleted every file in his Google Drive account, and eventually deleted his Gmail account altogether.
Miller later discovered he was targeted because he had a Coinbase account and his bank account was linked to it. Miller's phone received his Coinbase account's two-factor authentication codes, so the hackers were able to log into his cryptocurrency trading account and purchase $25,000 worth of Bitcoin. Miller had to call his bank and report the transaction as fraud. That's on top of the immense vulnerability he felt.
One ill-gotten gain for someone who takes over your phone number is the instant access to any two-factor authentication (2FA) codes you receive through text messages, the pin that an institution texts you to verify that you are who you say. That means if they have your password, they're just a few clicks away from logging into your email, bank, or social media accounts.
And if someone gains access to your email account, they can change passwords and search through your email archive to build a list of your entire online presence. Take the time to move away from SMS 2FA codes and use app-based codes instead.
If your phone loses service, call customer care right away.
If you have service through a different carrier, call their customer service number to ask how you can protect your account. Most likely, you'll be asked to create a PIN or passcode.
When creating a PIN or passcode, keep in mind that if someone has enough information to fake that they're actually you, using a birthday, anniversary, or address as the PIN code isn't going to cut it. Instead, create a unique passcode for your carrier and then store it in your password manager.
How do you know if you've been affected?
The easiest way to tell if your SIM card is no longer active is if you completely lose service on your phone. You may receive a text message stating the SIM card for your number has been changed, and to call customer service if you didn't make the change. But with your SIM card no longer active, you won't be able to place a call from your phone -- not even to customer service (more on this below).
In short, the quickest way to tell if you've been affected is if your phone completely loses service and you can't send or receive text messages or phone calls.
There are some steps you can take should you happen to be a victim of sim swap fraud.
What should you do if you find yourself a victim of SIM swap fraud?
The truth is, if someone wants access to your phone number bad enough, they will do all they can to trick your carrier's support representative. What we've outlined above are best practices, but they're not foolproof.
Researchers were able to pose as account holders who had forgotten their PIN or passcodes, oftentimes providing the recent numbers called by the account holder. How do they know those numbers? They either tricked the account holder into calling a couple of numbers -- or even scarier, phone numbers for incoming calls to the account they want to take over, meaning the bad guy simply needed to call the target's phone number themselves.
Once you realize you've lost service on your mobile device, call your carrier immediately and let them know you didn't make the changes. The carrier will help you recover access to your phone number. I can't emphasize this enough -- do not wait to call. The longer someone has access to your phone number, the more damage they can do.
Jason Cipriani/CNET /Twitter/WRPS/AA
Read 1561 times.
Member Comments on this Article.