The devices we use daily offer us convenience and efficiency, but they can also be access points threat actors use to steal personal or private information. For every protection measure we take, cybercriminals are adapting and looking for ways to get around them—the latest trend being SIM-Jacking. This happens when a criminal uses social engineering to trick cellular companies into transferring someone’s phone number to a new phone in their possession.
What is SIM-Jacking
SIM-Jacking or SIM-Swapping occurs when a threat actor reassigns a victim’s phone number to the SIM in the scammer’s phone so that the scammer receives that number’s calls and texts. Once that happens, the crook can access other accounts protected by MFA (multi-factor authentication), with the one-time text-based or SMS verification code now being sent to the thief. With this kind of access, the scammer can then sweep the victim’s online accounts and apps, reset password logins, and steal funds or whatever information they deem valuable.
How to avoid SIM-Jacking
- Every major US cell phone service carrier offers the option of a passcode on an account. It’s highly recommended you use it. While it may still be possible to obtain the PIN from the inside, the more steps you force the attacker to take to gain entry into your account, the more likely they are to move on. Ask your carrier how to set a PIN, or look up the instructions online.
- Two-Factor Authentication
- Most 2FA codes work via text message. While this is certainly convenient, it is not very secure. It’s recommended that you use stronger two-factor authentication software, such as an Authenticator (Google, Microsoft, etc.). Instead of tying your personal information to a phone number, the software associates your information with a specific device.
- Possibly the best way to prevent yourself from being SIM-jacked is being aware of what is connected to your phone number. It can be time-consuming to go through all your accounts, as some apps require your phone number; however, being conscious about what’s connected to your accounts can make a big difference.
From Multi-Factor Authentication to strong password generators, Impact Business Technology has solutions to assist in the fight to keep your private data and accounts safe.