Tagged: sim jacking Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on January 26, 2024 Permalink | Reply
    Tags: , , , sim jacking, ,   

    Is two-factor authentication to blame for SIM-swapping scam? 

    By Greg Collier

    A SIM-swapping scam, also known as SIM hijacking or SIM card swapping, is a type of fraud in which attackers take control of an individual’s mobile phone number by tricking the mobile carrier into transferring the phone number to a new SIM card. The goal of the scam is to gain access to the victim’s sensitive information, such as personal data, financial accounts, and online accounts tied to the phone number. For this scam to take place, a scammer does not need physical possession of your phone or its SIM card.

    With control of the victim’s phone number and possibly access to their email or other accounts, the attacker can reset passwords, access sensitive information, and potentially engage in identity theft or financial fraud. What makes the SIM-swapping scam so appealing to scammers is the fact that little to no interaction with the victim is required.

    Recently, a woman from Maryland lost $17,000 to a SIM-swapping scam. Someone in California walked into a Verizon store and activated a new phone on a new SIM card using the victim’s phone number and information. Once that transaction took place, the victim’s phone was no longer active. From there, the scammers were able to use the victim’s phone account to access her bank account and empty it of $17,000.

    The news report about the victim’s financial loss makes it a point to show the victim had two-factor authentication enabled on most of her online accounts. Unfortunately, the SIM-swapping scam is specifically designed to circumvent two-factor authentication.

    Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity before gaining access to an account, system, or application. The purpose of 2FA is to add an extra layer of security beyond just a username and password. Most people who enact 2FA on their accounts use text messaging to receive their one-time 2FA code. If a SIM-swap is enacted on a phone where 2FA codes are bing sent to the phone, the scammers not only have control of your phone account, but can also receive your 2FA authorization codes.

    While any 2FA is better than having none, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

    To better protect yourself from a SIM-swapping attack, set a unique personal identification number (PIN) or password with your mobile carrier to add an extra layer of security.

     

  • Geebo 8:00 am on July 17, 2020 Permalink | Reply
    Tags: , , sim jacking, ,   

    FTC: SIM swapping on the rise 

    FTC: SIM swapping on the rise

    Around a decade ago, not everyone had a smartphone. While the iPhone had already been out for three years, many people only had phones that could only make calls and send text messages. Now, the majority of us have smartphones which are basically like having a full-blown computer in your pocket. As such, many of us have very sensitive personal and financial information on our phones. Now, what if someone was able to steal all of that information without having to steal your phone? That’s exactly what happens with SIM swapping.

    SIM swapping is when a scammer or other bad actor is able to convince your cell phone carrier to switch your service to their phone. This way they can have access to the various social media, email, and financial apps that you may have on your phone. SIM swapping is lucrative to scammers because this way they can easily access accounts that are protected by two-factor authentication since many of us use text messaging as our preferred method of 2FA. This is also how they can lock you out of your own accounts after having email addresses and passwords changed.

    Normally, someone would have to give your cell phone carrier a PIN number in order to transfer service to a new device. However, since so many people forget their PINs, some carriers will let you change service after answering a couple of security questions. Scammers can often find the answer to these questions, like your pet’s name or the street you grew up on, from your social media accounts. The Federal Trade Commission has said that SIM swapping has been on the rise in the past few years.

    There are ways to protect yourself from SIM swapping. The first is to not share too much information about yourself on social media that could lead to scammers knowing the answers to your security questions. The other way is to contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen you may have to visit your carrier’s store with your ID.

     

  • Geebo 8:00 am on October 15, 2019 Permalink | Reply
    Tags: , , , , sim jacking, ,   

    SIM Swapping can cost you thousands if you’re not careful 

    SIM Swapping can cost you thousands if you're not careful

    Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

    SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

    [youtube https://www.youtube.com/watch?v=6occS3PyOss%5D

    While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.

     

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel