A cautionary tale of SIM swap scams

A cautionary tale of SIM swap scams

By Greg Collier

The nightmare of having your entire digital existence commandeered by malicious actors is a chilling reality for one unfortunate family from the Chicago area. What began as a routine day turned into a months-long ordeal of trying to reclaim control over their smartphones and, by extension, their digital lives after falling victim to a SIM swap scam.

SIM swapping, also known as SIM hijacking or SIM porting, is a type of cyberattack where a malicious actor fraudulently gains control of an individual’s phone number by tricking the victim’s mobile carrier into transferring the number to a SIM card under the attacker’s control. This process involves exploiting vulnerabilities in the carrier’s authentication procedures or social engineering techniques to obtain personal information about the victim, such as their account PIN or other identifying details. The term SIM swapping can be misleading because the attacker doesn’t actually require physical possession of the victim’s SIM card to carry out the attack.

It all started when the family’s wireless account was hacked, leading to the takeover of not just one, but all five of the family’s smartphones linked to the account. Suddenly, their devices were rendered useless, stripped of cellular service, and locked out of essential apps and services.

Unauthorized apps were installed on their phones, contact numbers were altered, and passwords to numerous accounts were changed without their consent. The financial toll was staggering, with losses totaling thousands of dollars in stolen funds from various platforms, including investment and cryptocurrency apps.

It’s suspected that the attackers obtained access to the family’s mobile phone account either by stealing or correctly guessing the account’s PIN. Experts advise regular changes to PINs and caution against using easily guessable information, such as birthdates, as security credentials. Moreover, limiting the dissemination of personal details on social media platforms can help mitigate the risk of identity theft.

To mitigate the risk of SIM swapping attacks, individuals can take several precautionary measures. Avoid using easily guessable or recycled passwords, and consider using a password manager to securely store and manage your credentials. Whenever possible, use authentication methods beyond SMS-based two-factor authentication (2FA), such as app-based authentication or hardware security keys.

Again, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.