Thousands lost in SIM-swapping attack
By Greg Collier
If you own a smartphone, how lost would you be without it? We’re not talking about losing your phone in the couch cushions. We mean, how much would your personal life be at risk if your phone was stolen. For many, their smartphone is the only device they need to conduct their lives. For even more, their entire lives are contained in their smartphone. Bank accounts, email, family photos, and schedules are just a few of things that could be accessed through a stolen smartphone. Now, what if we told you that you can lose all these things from your phone without physically losing the device?
SIM-swapping is a type of cybercrime where an attacker takes control of a victim’s mobile phone number by tricking the victim’s mobile carrier into transferring the number to a new SIM card. Once the attacker has control of the phone number, they can use it to access the victim’s online accounts, such as email, social media, and financial accounts, which often rely on text messaging for two-factor authentication. Then the attacker can not only access your accounts, but they can lock you out of them as well.
Recently, a man from Colorado lost $24,500 out of his savings account after his phone received a SIM-swapping attack. The victim received an email from his bank that a large transfer was being made, but by the time he was able to contact his bank, the transfer had already gone through. You can almost imagine the shock on his face when he tried to call his bank, only to find out his phone had no service.
There are several effective ways to protect yourself from SIM-swapping. One is to use an authenticator app instead of relying on text messages for two-factor authentication. Authenticator apps are linked to a device instead of a phone number, making them more secure. Additionally, it’s important to avoid using accurate information for security questions on online accounts, such as high school mascots or pet names, as this information can often be found on social media. Lastly, you can contact your carrier and request that they disallow any device switches on your account, but keep in mind that to unfreeze your account, you may need to visit a carrier store and present identification.
Leave a Reply