Authorities Warn That SIM Swapping Could Help Hackers Take over Personal Devices and Accounts

SIM swapping is not a new scam method, but there is a very good chance that it is often overshadowed in cybersecurity news by other high-profile hacks and data thefts. Also, regular users often have this idea that their accounts and devices are relatively safe because they’re not as important as social media stars or entertainment business celebrities. However, that couldn’t be farther from the truth. Maybe you don’t have traffic-stopping nudes saved in your drafts, but it doesn’t mean that you can’t become a SIM swapping victim, too.

How does SIM swapping work?

What does come to your mind when you hear the term “SIM swapping?” You probably imagine someone stealing your SIM card. Or maybe it makes you wary of changing SIM cards when you’re on vacation abroad. Could a pre-paid SIM card be the source of all evil?

If that’s your main concern, you can breathe a sigh of relief. That’s not how SIM swapping works. The truth is that the crooks that employ this scam do not even need to get anywhere near your phone. SIM swapping is actually an account takeover, and it exploits a weakness in two-factor authentication. Indeed, multi-factor authentication and two-factor authentication have been increasingly promoted as a progressive step towards higher security standards, but even these authentication systems have weaknesses that can be exploited.

Needless to say, there are several steps to this scam, and it also relies on the ability to port a telephone number to a different SIM. In fact, porting phone numbers to new SIM cards is essential if you have lost your phone, but you want to keep on using your old number. When you request the service provider to port your number to a different SIM, you need to verify your identity.

This is where the scammers step in. When they launch a SIM swapping scam, they already have enough of your personal details to convince the service provider that they are you. Now, where do they get that personal information? The truth is that there are many ways to steal personal data. They might get it through phishing emails, trick you into revealing your personal information via social engineering, or maybe simply buy that information from hackers who have already stolen your online footprint.

With all this information at their fingertips, scammers can port your telephone number to their SIM card, thus completing the SIM swapping operation. And once that happens, they successfully cut you off from the mobile network, and they can take over all of your text messages and phone calls. What’s more, if you use one-time passwords for two-factor authentication, the fraudsters can receive all of those passwords to their phone and access your bank and social media accounts.

SIM swapping is far more common than most users realize. This method is used for high-profile Instagram takeovers, cryptocurrency thefts, and other criminal operations that steal thousands of dollars from exposed bank accounts. And sometimes, even knowing how SIM swapping works might not be enough to avoid it. Security experts say that if the hacker is determined and skilled, there might not be much one can do to prevent the scam.

Potential security measures

Nevertheless, there are always certain steps you can take to make hackers' lives harder. Some of them might seem really simple, but the truth is that users often forget the most basic aspects of cybersecurity.

First, you should not share sensitive personal information on social media. You would probably never think of sharing your passport photo in public, so why would you ever share your date of birth? Second, you must avoid interacting with phishing emails and text messages. If an email or a message requires you to confirm your password or update your account information, you should double-check whether the notification is real. If you haven’t requested a password reset, the message you have received is clearly fake.

Using a password manager can also improve your overall cybersecurity level. You wouldn’t have to think of passwords yourself, and it would definitely prevent you from recycling passwords across different accounts. If you’ve never tried using a password manager before, you can get a taste of that by clicking the FREE 30-Day Trial button on the right.

Aside from that, depending on your carrier, you can add a PIN or a passcode to your mobile account. Major service providers in the United States offer such an option. Each service has different methods that can be applied to protect your account. Security experts point out that this additional level of security might not be enough to protect you from insider threats, but it is yet another piece in the puzzle that hackers need to acquire in order to reach your account. Hence, it is a good idea to consider using it.

While SIM swapping exploits two-factor authentication that relies on text messages, there are other ways to employ two-factor authentication, too. For example, you could use an authentication app instead. There are multiple reliable apps out there that can provide that additional barrier for your account’s security. There are even physical authentication methods, where you can use a USB key as an authentication token each time you log in to your account. On the other hand, it is questionable whether users would willingly use third-party tools and applications. Not to mention that not all services might support such security measures.

That one extra mile

Albeit using the same username and the same phone number across different accounts is convenient, it is not exactly safe. Hence, security experts recommend using a different phone number for the more sensitive accounts. If you keep that number secret and do not share it, it will be easier to avoid the SIM swapping scam.

Again, this might not be worth it for most of the users who are more focused on ease of access and efficiency. Hence, we just have to remain careful and vigilant. The rest is up to app developers and service providers, as they scramble to come up with a universal scam-proof authentication method.

By Foley
February 5, 2020
Password Security
English
February 5, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Failure to Protect Samsung Cloud Accounts Has Allowed Hackers to Blackmail K-Pop Stars

For years now, we have had services like iCloud and Samsung Cloud, which help us back up all our photos, videos, texts, and contacts to the cloud and restore them on another device with a few taps of the screen. Many... Read more

January 13, 2020
Tips

If You Share Personal Information Publicly, You're on Hackers' Radar

Why do people point out where they work on their Facebook profiles? Can this type of information posted in this particular place ever be useful? Let's consider a peculiar but plausible scenario. Several months ago,... Read more

November 6, 2018
News

SIM Swapping Attacks – Stealing Everything from Your Bitcoins to Your Instagram Accounts

You often see and hear people compare a password to a physical key. While it's obvious where the parallels come from, there are quite a few differences. For example, without the key, you can't unlock the door. Gaining... Read more

August 24, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.