Greg's Corner

Tagged: sim swapping Toggle Comment Threads | Keyboard Shortcuts

• 

  Geebo 8:00 am on March 18, 2024 Permalink | Reply
  Tags: 2FA ( 11 ), phone scam ( 45 ), phone security ( 6 ), Scams ( 1,222 ), sim swapping, two factor authentication ( 17 )   

  A cautionary tale of SIM swap scams 

  

  By Greg Collier

  The nightmare of having your entire digital existence commandeered by malicious actors is a chilling reality for one unfortunate family from the Chicago area. What began as a routine day turned into a months-long ordeal of trying to reclaim control over their smartphones and, by extension, their digital lives after falling victim to a SIM swap scam.

  SIM swapping, also known as SIM hijacking or SIM porting, is a type of cyberattack where a malicious actor fraudulently gains control of an individual’s phone number by tricking the victim’s mobile carrier into transferring the number to a SIM card under the attacker’s control. This process involves exploiting vulnerabilities in the carrier’s authentication procedures or social engineering techniques to obtain personal information about the victim, such as their account PIN or other identifying details. The term SIM swapping can be misleading because the attacker doesn’t actually require physical possession of the victim’s SIM card to carry out the attack.

  It all started when the family’s wireless account was hacked, leading to the takeover of not just one, but all five of the family’s smartphones linked to the account. Suddenly, their devices were rendered useless, stripped of cellular service, and locked out of essential apps and services.

  Unauthorized apps were installed on their phones, contact numbers were altered, and passwords to numerous accounts were changed without their consent. The financial toll was staggering, with losses totaling thousands of dollars in stolen funds from various platforms, including investment and cryptocurrency apps.

  It’s suspected that the attackers obtained access to the family’s mobile phone account either by stealing or correctly guessing the account’s PIN. Experts advise regular changes to PINs and caution against using easily guessable information, such as birthdates, as security credentials. Moreover, limiting the dissemination of personal details on social media platforms can help mitigate the risk of identity theft.

  To mitigate the risk of SIM swapping attacks, individuals can take several precautionary measures. Avoid using easily guessable or recycled passwords, and consider using a password manager to securely store and manage your credentials. Whenever possible, use authentication methods beyond SMS-based two-factor authentication (2FA), such as app-based authentication or hardware security keys.

  Again, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

   

  Leave a ReplyCancel reply
• 

  Geebo 9:00 am on January 26, 2024 Permalink | Reply
  Tags: 2FA ( 11 ), cybersecurity ( 34 ), Scams ( 1,222 ), sim jacking ( 3 ), sim swapping, two factor authentication ( 17 )   

  Is two-factor authentication to blame for SIM-swapping scam? 

  

  By Greg Collier

  A SIM-swapping scam, also known as SIM hijacking or SIM card swapping, is a type of fraud in which attackers take control of an individual’s mobile phone number by tricking the mobile carrier into transferring the phone number to a new SIM card. The goal of the scam is to gain access to the victim’s sensitive information, such as personal data, financial accounts, and online accounts tied to the phone number. For this scam to take place, a scammer does not need physical possession of your phone or its SIM card.

  With control of the victim’s phone number and possibly access to their email or other accounts, the attacker can reset passwords, access sensitive information, and potentially engage in identity theft or financial fraud. What makes the SIM-swapping scam so appealing to scammers is the fact that little to no interaction with the victim is required.

  Recently, a woman from Maryland lost $17,000 to a SIM-swapping scam. Someone in California walked into a Verizon store and activated a new phone on a new SIM card using the victim’s phone number and information. Once that transaction took place, the victim’s phone was no longer active. From there, the scammers were able to use the victim’s phone account to access her bank account and empty it of $17,000.

  The news report about the victim’s financial loss makes it a point to show the victim had two-factor authentication enabled on most of her online accounts. Unfortunately, the SIM-swapping scam is specifically designed to circumvent two-factor authentication.

  Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity before gaining access to an account, system, or application. The purpose of 2FA is to add an extra layer of security beyond just a username and password. Most people who enact 2FA on their accounts use text messaging to receive their one-time 2FA code. If a SIM-swap is enacted on a phone where 2FA codes are bing sent to the phone, the scammers not only have control of your phone account, but can also receive your 2FA authorization codes.

  While any 2FA is better than having none, it’s not recommended to use text messaging to receive your authorization codes. Instead, it’s recommended you use an authenticator app along with a biometric authentication such as a fingerprint scanner. This way, your 2FA information is tied to your device and not your phone number.

  To better protect yourself from a SIM-swapping attack, set a unique personal identification number (PIN) or password with your mobile carrier to add an extra layer of security.

   
• 

  Geebo 9:00 am on November 29, 2023 Permalink | Reply
  Tags: identity theft ( 96 ), impersonation scam ( 111 ), Scams ( 1,222 ), sim swapping   

  Anyone can fall prey to the SIM-swapping scam 

  

  By Greg Collier

  You may have head of the term SIM-swapping before. You may even know SIM-swapping is part of a larger identity theft scheme. What you may not know is that the term SIM-swapping is a type of misnomer. SIM-swapping makes it sound like someone needs physical access to your phone so they can steal your SIM card. A more appropriate term would be SIM-hijacking, since the scam itself is committed remotely.

  A SIM-swapping attack is a type of cyberattack where a malicious actor fraudulently convinces a mobile carrier to transfer a victim’s phone number to a SIM card under the attacker’s control. This is typically done by impersonating the victim or exploiting vulnerabilities in the carrier’s verification processes.

  The attacker contacts the victim’s mobile carrier, posing as the legitimate account holder. They may use gathered information to convince the carrier’s customer support representatives that they are the actual owner of the phone number.

  Once the attacker successfully convinces the carrier to transfer the phone number to a new SIM card, the victim’s phone loses network connectivity. The victim may not be aware of this until they try to make a call or use data services.

  With control of the victim’s phone number, the attacker can receive the victim’s text messages and phone calls, which may be used to bypass two-factor authentication (2FA) on various accounts linked to the phone number. This can lead to unauthorized access to email, social media, financial, or other online accounts.

  In the past, when we’ve discussed SIM-swapping attacks, we’ve heard from readers who said their phones are immune from these attacks since their phone doesn’t have a SIM card. Unless you’re still carrying a flip phone you bought from Sprint in the mid-2000s, chances are your mobile phone has a SIM card in it. You may not have placed the card in the phone yourself, but without a SIM card, your phone wouldn’t be able to communicate with your phone carrier and provide you service. There’s also what’s known as an eSIM. This is a SIM card that can be embedded in your phone, meaning it can’t be removed. In essence, if you have a reasonably modern mobile phone, it has a SIM card. And if it has a SIM card, it’s vulnerable to these attacks.

  A woman from California, recently fell victim to one of these attacks. After scammers successfully had her phone company transfer her service to the scammers’ SIM card, they were able to get access to at least one of her bank accounts. They drained her account of $49,000 before it was all said and done. The victim tried to work with both her bank and phone provider, but they denied any of her requests. As with many bank-related scams, it wasn’t until the victim contacted her local news station before she received a refund from her bank.

  There are several effective strategies to safeguard yourself from SIM-swapping. One approach is to opt for an authenticator app instead of relying on text messages for two-factor authentication. Authenticator apps are tied to a specific device rather than a phone number, enhancing their security. Additionally, it’s crucial to refrain from using easily discoverable information, such as high school mascots or pet names, for security questions on online accounts, as such details are often accessible on social media. Finally, you can enhance security by reaching out to your carrier and requesting the restriction of any device switches on your account. It’s important to note that to lift this restriction, you might need to visit a carrier store and provide identification.

   
• 

  Geebo 9:00 am on March 7, 2023 Permalink | Reply
  Tags: 2FA ( 11 ), bank fraud ( 19 ), phone scam ( 45 ), Scams ( 1,222 ), sim swapping, two factor authentication ( 17 )   

  Thousands lost in SIM-swapping attack 

  

  By Greg Collier

  If you own a smartphone, how lost would you be without it? We’re not talking about losing your phone in the couch cushions. We mean, how much would your personal life be at risk if your phone was stolen. For many, their smartphone is the only device they need to conduct their lives. For even more, their entire lives are contained in their smartphone. Bank accounts, email, family photos, and schedules are just a few of things that could be accessed through a stolen smartphone. Now, what if we told you that you can lose all these things from your phone without physically losing the device?

  SIM-swapping is a type of cybercrime where an attacker takes control of a victim’s mobile phone number by tricking the victim’s mobile carrier into transferring the number to a new SIM card. Once the attacker has control of the phone number, they can use it to access the victim’s online accounts, such as email, social media, and financial accounts, which often rely on text messaging for two-factor authentication. Then the attacker can not only access your accounts, but they can lock you out of them as well.

  Recently, a man from Colorado lost $24,500 out of his savings account after his phone received a SIM-swapping attack. The victim received an email from his bank that a large transfer was being made, but by the time he was able to contact his bank, the transfer had already gone through. You can almost imagine the shock on his face when he tried to call his bank, only to find out his phone had no service.

  There are several effective ways to protect yourself from SIM-swapping. One is to use an authenticator app instead of relying on text messages for two-factor authentication. Authenticator apps are linked to a device instead of a phone number, making them more secure. Additionally, it’s important to avoid using accurate information for security questions on online accounts, such as high school mascots or pet names, as this information can often be found on social media. Lastly, you can contact your carrier and request that they disallow any device switches on your account, but keep in mind that to unfreeze your account, you may need to visit a carrier store and present identification.

   
• 

  Geebo 8:00 am on October 18, 2022 Permalink | Reply
  Tags: phone scam ( 45 ), Scams ( 1,222 ), sim swapping, social engineering ( 2 ), two factor authentication ( 17 ), Zelle ( 62 )   

  This phone scam could steal your life 

  

  By Greg Collier

  How much of a panic would you be in if you lost your phone? Can your personal or business email accounts be accessed through your phone? Is your phone locked with a PIN or password? Or is it secured using a fingerprint or facial ID? Do you have banking apps that require a PIN or fingerprint to access? Could any random stranger just pick up your phone and start accessing your money and information? Even if your phone is completely locked down and secure from physical access by outsiders, there’s still a way you can lose all access to your phone without actually losing your phone.

  There is a scam out there that most mobile phones are vulnerable to, and it’s known as SIM-swapping. The name SIM-swapping is a misnomer, since physical access to your phone’s SIM card is not necessary. SIM-swapping works when scammers or identity thieves contact your mobile phone carrier and pose as you. The scammer will use information they’ve found out about you to convince the phone carrier they are you. This is known as social engineering.

  Once the scammer convinces the phone carrier that they’re you, they’ll have the phone company switch your service from your phone to theirs. As soon as that happens, the scammers have direct access to your phone number and text messages. Since most of us who use two-factor authentication have the authorization codes sent to our text messages, the scammers can then access any number of your personal accounts, including your financial accounts.

  This recently happened to a victim from Tennessee. She had received a text message from her carrier indicating a change on her account before her phone service went completely dead. She called her carrier, and another name had been added to the account. By the time she had her service restored, scammers had transferred thousands out of her bank account through the Zelle app.

  There are ways to protect yourself from SIM-swapping. One way is to use an authenticator app instead of using text messages for your two-factor authentication. Authenticator apps are tied to the device instead of being tied to a phone number. Also, when filling out your security questions for online accounts, don’t give the correct answers. Information like your high school mascot or your pet’s name can be discovered on your social media. Lastly, you can contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen, you may have to visit your carrier’s store with your ID.

   
• 

  Geebo 9:01 am on December 30, 2021 Permalink | Reply
  Tags: data breach ( 31 ), mobile phones ( 7 ), Scams ( 1,222 ), sim swapping, T-Mobile ( 2 )   

  Phone hacking rises out of data breach 

  

  By Greg Collier

  This past August, it was reported that major cell phone carrier T-Mobile had a massive data breach. That breach is said exposed the information of up to 40 million customers. Now, it seems we’re starting to see the fallout from that breach. Tech experts are saying that cases of SIM-swapping are on the rise. By its name, you might think that SIM-swapping involves a scammer having physical possession of your phone so they can steal your phone’s SIM card. However, that’s not the case. SIM-swapping can happen without you even noticing.

  SIM-swapping works when a scammer or identity thief uses your information to deactivate your cell phone and transfer your service to the scammer’s phone. This is done when a bad actor calls your cell phone carrier and convinces the carrier to change service to the scammer’s phone. The reason scammers do this is that so many of us have our security safeguards routed through our phones. Many of us who use two-factor authentication do so through text messaging.

  For example, let’s say you have 2FA enabled on your bank account. No one can enter your bank account if they don’t receive the text message for your bank account’s authority. If a scammer SIM-swaps your phone, they now have access to those security measures. Not only could SIM-swappers access your accounts, but they could also lock you out of any of your accounts that you access through your phone. They could essentially take over your identity completely through the phone, and you may not notice for a while.

  If your phone stops receiving service all of a sudden, that could be a sign you’ve might have been SIM-swapped. There are ways to protect yourself, though. Sharing too much information on social media could lead scammers and identity thieves to the answers to your security questions. You can also contact your cell phone carrier and instruct them to not allow any device switching on your account. You’d be surprised how often scammers are contacting cell phone carriers for one scam or another.

   
• 

  Geebo 8:00 am on July 17, 2020 Permalink | Reply
  Tags: identity theft ( 96 ), Scams ( 1,222 ), sim jacking ( 3 ), sim swapping, smart phones ( 13 )   

  FTC: SIM swapping on the rise 

  

  Around a decade ago, not everyone had a smartphone. While the iPhone had already been out for three years, many people only had phones that could only make calls and send text messages. Now, the majority of us have smartphones which are basically like having a full-blown computer in your pocket. As such, many of us have very sensitive personal and financial information on our phones. Now, what if someone was able to steal all of that information without having to steal your phone? That’s exactly what happens with SIM swapping.

  SIM swapping is when a scammer or other bad actor is able to convince your cell phone carrier to switch your service to their phone. This way they can have access to the various social media, email, and financial apps that you may have on your phone. SIM swapping is lucrative to scammers because this way they can easily access accounts that are protected by two-factor authentication since many of us use text messaging as our preferred method of 2FA. This is also how they can lock you out of your own accounts after having email addresses and passwords changed.

  Normally, someone would have to give your cell phone carrier a PIN number in order to transfer service to a new device. However, since so many people forget their PINs, some carriers will let you change service after answering a couple of security questions. Scammers can often find the answer to these questions, like your pet’s name or the street you grew up on, from your social media accounts. The Federal Trade Commission has said that SIM swapping has been on the rise in the past few years.

  There are ways to protect yourself from SIM swapping. The first is to not share too much information about yourself on social media that could lead to scammers knowing the answers to your security questions. The other way is to contact your carrier and tell them not to allow any device switching on your account. However, to get your account unfrozen you may have to visit your carrier’s store with your ID.

   
• 

  Geebo 8:00 am on October 15, 2019 Permalink | Reply
  Tags: cybersecurity ( 34 ), phone security ( 6 ), privacy ( 46 ), security ( 46 ), sim jacking ( 3 ), sim swapping, smart phones ( 13 )   

  SIM Swapping can cost you thousands if you’re not careful 

  

  Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM_Swapping or SIM-Jacking named after the SIM cards in most smartphones that contain your calling information including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

  SIM Swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try and convince them that they are you. If the attacker is successful, he can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts including banking.

  [youtube https://www.youtube.com/watch?v=6occS3PyOss%5D

  While most victims of SIM Swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN number if anyone calls to try and have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess like your birthdate. You can also sign up for a Google Voice number which is much more secure and tougher to attack than a traditional cell phone number but work just like a traditional phone number and they are also free to get.