Enabling two-factor authentication is one of the most effective ways of keeping your accounts secure from password leaks and other attacks. However, cyber attackers have been getting more creative, and one threat in particular that became more common within the last few years is known as SIM Jacking or SIM Swap scam. This is where criminals attempt to gain access to a victim’s personal details and accounts by compromising the victim’s mobile SIM card.
What is a SIM card?
A Subscriber Identity Module (SIM) is a small card with a microchip installed that fits into the SIM slot of a phone. It holds information that serves as a unique identifier of a subscriber to a specific mobile carrier (T-Mobile, AT&T Wireless, etc.).
How do SIM Swap or SIM Jacking Scams work?
Attackers use social engineering tactics, such as phishing scams, to impersonate the victim and convince the victim’s mobile phone carrier to transfer their account and phone number over to the attacker’s SIM card. This gives the attacker full control of the victim’s phone number, and the ability to receive any verification codes sent to the victim’s accounts via texts or calls to the phone number.
A successful attacker can gain access to the victim’s online accounts. E-mail, social media, employment, online banking, and any other accounts that use a one-time password reset code become accessible to the attacker.
How can I prevent these scams from happening?
Here are some things you can do to ensure that your online accounts remains secure:
• Set up a PIN on your account and SIM card through your wireless provider.
• Create and never share complex answers to security questions and secret passphrases.
• If given the option, use 2-Factor authentication hardware tokens or apps such as DUO mobile, Google Authenticator, Microsoft Authenticator, etc. These 2-factor authentication methods allow you to authenticate your identity without having to confirm via call or text.
With the recent boom in cryptocurrency trading, these types of scams have become more prevalent and elaborate. Be on the lookout for phishing scams that allow fraudsters to gather personal details about the victim to impersonate them. If you suspect that your SIM has been compromised, contact your wireless provider immediately.