Science & Tech

The Growing Threat of SIM Swapping and How to Prevent It

By
The Growing Threat of SIM Swapping and How to Prevent It

A SIM card, or Subscriber Identity Module, is a hardware device that activates a phone number and enables all calls, texts, and data to be used on that mobile device with the carrier's assistance. It could also be exploited by criminals through SIM swap attacks to defraud the victims.

Gradually, criminals have begun targeting celebrities, influencers and high business executives into using corporate networks or critical data for their personal purposes. They may even target just one of them so as not to be compromised in any way.

1. Fraudsters access your accounts
If hackers get your username and password, they could use those same credentials to access any other service you use and perform a SIM swap attack hijacking your account and gathering even more personal data about you. The result is an endless chain of account takeovers, credit card theft, and identity theft with years' worth of action followed before it ever comes to a close.

.... and to apply some form of proof that this number is truly yours, the bad guys must know your phone number. Sending documents in electronic form and receiving an email requesting such a verification code from providers will keep those accounts pretty much active. Such documents may include your name and date of birth, IMEI/ICCID number (the device serial number or SIM number), security questions/answers, as well as any other sensitive data.

A convincing act to your carrier about having lost the phone would give access to the device to thieves, including any kind of authentication measures holding important accounts such as banks, cryptocurrency accounts, etc. Once the number is hijacked, these people have full control of any account that requires additional authentication measures for transfers and withdrawals and for which they're unable to receive 2FA codes via SMS or email-something most likely already occuring for you when someone claims you lost something like your device! You might notice some odd activity happening with your accounts such as unauthorised transfers and withdrawals or being unable to receive 2FA codes through SMS or emails or any of these channels! This could indicate something is amiss - with all accounts showing signs such activity such as transfers or withdrawals being attempted but also being unable to receive 2FA codes via these channels that normally come through SMS/email/SMS being lost! 

2. They can steal your identity
Fraudsters can access a victim's private accounts and information with the aid of their phone numbers. As well as the different social media profiles, contacts and cryptocurrencies belonging to victims, SMS-based 2FA codes for email accounts and banking information may also be intercepted by hackers. 

Getting personal information about the victim through public online profiles, usually facebook accounts, is what fraudsters need for SIM swap. They would use those data to answer the security questions like what their mother's maiden name or high school mascot are; then use that knowledge when calling mobile carriers and convincing them to transfer the number onto a new SIM card under their control.

Some signs that may indicate if you have been a victim are: The ability to access financial accounts, like banks and credit cards, may close now because the passwords were sent over text or email, such as those for bank accounts. Contact your banks right away in this case to freeze any possibly fraudulent activity under such terms. Using authentication apps that link credentials with physical pieces rather than phone numbers might help further protect accounts against attacks. Other carrier offers an extra level called Number Transfer PIN as step for handy verification during requests for number transfers or SIM swaps.

3. They can clean out your bank account
Fraudsters can drain a bank account almost entirely through the use of mobile phone numbers. High-risk online transactions usually require entering a direct code OTP sent from the mobile phone, which allows individual entrance into their accounts. From this point, fraud invokes interference with the mobile number, accessing money, credit cards details, or cryptocurrency from it. 

They can easily obtain this information, along with a mobile number that links to a name, birthday, and address, through a simple data breach, social engineering, or phishing attacks. They would then be able to call up the mobile carriers for that person and tell them that he has lost his device/SIM card and, for good measure, hire one of their employees from within to transfer the number to a new device. 

This is going to be the dream crook SIM holder to intercept calls, texts, or verification codes from sensitive accounts (like bank accounts or cryptocurrency wallets) and pass them onto the victims. They are financially so rewarding for criminals while causing huge financial losses to the targets. 

The account owner must be on the lookout and raise an alarm regarding suspicious activities on the accounts that could indicate that they have fallen victim to a SIM swap attack. Announcing posts on social media, peculiar transactions in the bank, or an alert from the mobile provider that indicates the number has indeed been swapped into another SIM, are just some of those symptoms.

4. They could rob you of cryptocurrencies 
Hackers have devised means by which stolen phone numbers could be used against the victims. Seizing the account that they possess, such hackers bypass all security measures that require the use of a mobile device to reset passwords and withdraw money from crypto wallets. A typical attack might focus on a victim's wireless carrier convincing them to assign that victim's mobile phone number to a SIM card on another device under their control - allowing hackers to intercept MFA (2FA) codes while accessing cryptocurrency assets in victim accounts and transferring them into their own wallets.