With plenty of time on their hands, today’s cybercriminals are getting quite creative in their hacks. One highly specific attack that can net a hacker a massive payday is SIM swapping. This type of attack recently cost a Bitcoin investor $24 million in losses when his SIM was “borrowed” by cybercriminals bent on gaining unlawful access to his Bitcoin account. What’s worse, this wasn’t just any ordinary investor: this was a tech-savvy individual who rated his personal cybersecurity preparedness as a 9.8 out of 10, someone who was taking all the known measures to stay safe online. Here is what you need to know to defend against this highly specialized form of cyberattack.
How Does SIM Swapping Work?
Think about it: your cell phone is the heart of nearly everything you do and is used as your primary login feature for everything from your Twitter account to your online banking or investments and grocery shopping. This is one of the reasons that telecom carriers are so adamant about determining your identity before allowing any changes on your account — they know exactly the level of havoc unauthorized users can cause to your life. Google, Microsoft and other major software vendors tie your online account information tightly to your phone number, but what happens when your phone-based identity is transferred to another SIM card?
A SIM card, or Subscriber Identity Module, is a tiny piece of plastic that provides a unique ID connecting you to your mobile network of choice. You probably only think about SIM cards when you are activating a new cell phone or swapping devices with family members. SIM swapping works when someone fraudulently identifies themselves as another individual and convinces a telecommunications carrier that a change is authorized. Once the hacker has activated a new SIM on their own device, they have the keys to the kingdom: your personal email accounts, text message access that can be used to reset passwords and more. The hacker has no need to steal your physical device, which makes this a particularly devilish hack.
Protecting Against SIM Swapping Attacks
Proactive security is always best, but you may be feeling overly comfortable with your standard two-factor authentication, which can be quickly overridden by cybercriminals. SIM card scams are often used to take over social media accounts and post inappropriate content from celebrities’ accounts. Michael Terpin, the individual who lost nearly $24 million in a single day due to a SIM swapping attack, is currently suing AT&T for nearly 10 times the amount he lost, claiming that the telco giant tolerated insider criminal activity. A few of the steps that can help protect your account against this type of intrusion include:
- Stay aware of potential phishing scams, avoiding fake login screens and websites that don’t look legitimate
- Restrict the personal information that you post online, as hackers can collect it and use it to pass as you over the phone or online
- Add two-factor authentication that relies on a physical device, or create a PIN that must be used to make a change with cell phone carriers
- Create complex, randomized passwords or use a password vault
While no one can reduce the threat of cyberattack to zero, taking these actions will provide an added layer of protection to your online accounts and information. These are some of the best practices that our Coretelligent team shares on a regular basis on our blog and the value that we bring to our clients on an everyday basis.