Setting up two-factor authentication (2FA) is a good way to protect your accounts, but if it's text, it's not foolproof. SIM card hijacking, or SIM card swapping, has been around for a while, but as our financial identities increasingly exist online, it's becoming more common to steal phone numbers and use them to access to accounts. This is becoming harder to achieve as phone carriers slowly improve their security procedures and 2FA apps like Google Authenticator and Authy become more common, but as of 2018 it's still a growing problem.ContentsHow does it work?Who/What gets hacked?What if it happened to me?How can I protect myself?In conclusion:hacking happens
1. Find a target
Laying the groundwork is a crucial part of SIM swapping. First, attackers find personal information about potential targets. Everything from banking credentials to age, location — even social security numbers — can be found floating around the web. If they need more, they can use a phishing attack to trick users into revealing something crucial.
2. Misleading Technical Support
Now that he has a strategy, the hacker will call your carrier (it's pretty easy to find out which carrier a number is on), use what he knows about you to answer security questions, and ask him to port the number to a new SIM card. With a little social engineering, they can get the tech support rep to put a user's number on a hacker-controlled phone.
Almost anyone is at risk of having their SIM card hacked, but since it's not the easiest attack to carry out, a limited number of people can be targeted at a time. People with easily accessible personal information, large social media accounts, or high-value financial accounts are certainly vulnerable, but that doesn't exclude average people with a decent sense of online safety from running into this issue. Even something as seemingly innocuous as a memorable Instagram handle like "@Rainbow" could prompt a hack, as these can sell for surprisingly high sums.
If your phone suddenly loses service in a location where you normally have it, you might consider checking with your carrier. If you suspect a SIM swap, you should:
Unfortunately, many carriers, businesses, and financial institutions have yet to implement foolproof security measures to prevent this. Even with additional layers of security around customer information, attackers may have accomplices working inside to pass customer information to hijackers. That said, there are a few things you can do.
Even with a PIN, authenticator app, and VoIP service, you're not really bulletproof:PINs can be stolen, authenticator apps aren't widely supported, and some services do not allow you to use VoIP. In the ever-changing world of cybersecurity, the best you can generally do is to settle in, keep an eye out for suspicious activity, and react quickly if anything happens. The stronger your security, the less likely you are to become a target, and the quicker you react, the less likely you are to end up with a few fewer dollars or Instagram accounts.