SIM swap attacks are a popular scam right now, and although you might not have to deal with a SIM swap, it’s good to know what one is, and what you can do to prevent one from happening to you.
Even if you have not been “SIM swapped,” there are still various other ways to hack a phone, causing its performance to suffer and slow down. If you believe your device has a virus or has been hacked in some other way, it’s a good idea to call a local cell phone repair shop now to ask about virus removal, data recovery and software resets.
What Exactly is SIM Swapping?
SIM swapping occurs when a hacker tricks your cell phone provider into believing you are activating your SIM card on a device they own. To put it simply, someone is stealing your phone number and attaching it to their own device.
What Could Happen?
If a cybercriminal successfully pulls off a SIM swap attack, your cell phone will be deactivated and all texts, data, phone calls and accounts associated with your phone number will be sent to their device.
A cyber-criminal can easily leverage this information to access your financial information, personal information, and accounts. You might even be permanently locked out of your services.
Take a moment to consider how many accounts and apps on your phone use your number to verify your identity. An attacker wouldn’t know your username and password to access an account, and she wouldn’t have to. Instead, she’d control the recovery method used to reset these credentials.
We’re talking about a new form of identity theft – one that defeats all of the account security in the world, because that security is rendered useless when a cyber-criminal pretends to be you simply by hijacking your phone number.
How Can This Happen?
An attacker doesn’t need to physically access your phone to steal your phone number; they don’t even have to know your phone’s make or model.
All they need is enough finesse to convince a customer support employee that they are you.
How Can I Tell if I Have Been a Victim of a SIM Swap Scam?
If you notice strange behavior, like still having service but being unable to receive or send calls and texts, you may have been targeted. If you are suddenly unable to log in to any of your important accounts, this may be the explanation too. If you have received a notification from your provider that your SIM card has been activated elsewhere – unfortunately, this is a sure sign your phone number has been hijacked in a SIM swap scam.
How Can I Prevent This From Happening?
Preventing a SIM swap attack is a lot easier than dealing with the aftermath of one.
Typically, the first step hackers take in this type of attack is phishing. Avoid strange emails with unknown links, fake login screens and bogus address bars. Although phishing scams can take many forms, they’re pretty easy to identify.
Don’t download programs, sign in to websites, or click on any links that you do not recognize. A cybercriminal will use these tools to gather critical information about you to launch the attack.
Beware of social engineering – the process hackers use to collect as much information about you as possible so that they might be able to impersonate you over the phone or even via email.
Circumvent this process by keeping sensitive information like your address, birthday, and of course, phone number off of as many of your accounts as possible.
Although you might need to use some of this data for particular services, you don’t want to present hackers with a Rolodex of searchable information about you on social media. Cancel and delete any social media accounts you don’t use anymore, too.
The following action items are recommended to help you protect your accounts from getting hijacked:
- Set up a PIN that is required for any changes with your cellular carrier.
- Use 2FA that is contingent upon having a physical device in hand, like Authy, in lieu of SMS verification for logins.
- Use security recovery questions that only you would know and that aren’t tied to your personal information in any way.
- Unlink your phone number from your accounts wherever you can.
- Use a password manager.
- Use your password manager to create long, unique random passwords for each of your accounts.
- Don’t use Google, Facebook, Twitter, etc to sign in to your other services.
Take note of important information related to your important accounts that you can use to identify yourself and take back control of them, such as:
- The physical address associated with your account.
- The month and year your account was created.
- Bank statements that can confirm you were the one who made particular purchases.
And compile a master list of all of your important accounts. This will make reacting to any type of ID theft easier because you can go through each account and change your credentials one by one.
Store this information securely in a paper file instead of saving it on a service that might be broken into.
Spread your data securely through open source services and apps instead of apps from Microsoft, Google, or Apple, placing your most important data in places with the highest security.
Try to use separate emails, messaging apps, and more. Although iCloud and Google Drive are convenient, if all of your data is in one place, and someone gains access to it, you’re in a world of pain.
Additionally, keep particular data off the internet. Don’t upload your health insurance information into iCloud, for example, because if someone were able to gain access, they’d have plenty of information they could work with to successfully pretend they are you.
These simple measures might be mildly annoying to take, but it’s a heck of a lot better to do these now than spend weeks trying to sort out an identity fraud situation. In the future, you might just thank yourself for taking action now.