As technology advances, so do many things alongside it. Merely a decade ago, no one could have fathomed the possibility of an attacker robbing them of their money remotely, with little fuss – on account of your phone number. And yet, this is a threat that’s very real these days. Countless people have fallen victim to this fraud – known as SIM swapping – which a study says four out five are usually successful. And with the rise and allure of cryptocurrencies, SIM swap scammers are getting even bolder.
What’s a SIM swap attack, and how can you protect yourself from one? This article unmasks into everything you need to know.
What’s Sim Swapping?
Sim swapping, a.k.a SIM splitting, simjacking and port-out scamming occur when a scammer dupes your cell service provider that they are you, and that you’re transferring your phone number into a new SIM. In actual sense, they’re stealing your phone number and your personal data.
If the swap goes through, your phone will get activated, and all data related to your phone – calls, texts, and accounts number will now be in their hands. With access to that information, the scammer can now access all personal, contact, and financial information tied to your account.
How a SIM Swap Works
Way before executing a SIM attack, the scammer will have already gathered as much info on you as possible. They will then contact your service provider posing as you, and then claim that they (you) have lost or damaged your SIM card. They will then request your carrier to activate a SIM card in their possession. When this action goes through, your phone number will be ported to the fraudster’s device.
As we mentioned earlier, the scammer has already collected information on you. This will be through either phishing emails, malware, hacking or social media. When it comes to answering your security questions, it’s a breeze for the scammer since they already scoured for info from all of these places.
Once they’re in, they can do pretty much what they like – including resetting passwords for your bank account and other financial accounts. They can even set up parallel bank accounts and transfer money to them. Such an action would not necessarily raise eyebrows at your bank since you’re already a customer. If you have cryptocurrency funds, say, an account at a crypto exchange, they might cash out or transfer funds to their account.
Why are SIM Swap Scammers Targeting Crypto Holders?
SIM swap crimes are nothing new, but they have become even more prevalent with the rise of crypto. That may be due to:
- The ease of cashing out on crypto
- Crypto holders who store their funds in vulnerable mobile apps
- Easy to access crypto holders’ social profiles – which makes it easy to gather info and increase their exposure to an attack
Do SIM Swap Scammers Always Get Away with It?
SIM swap scammers may think they’re getting away with it due to the pseudonymous/anonymous nature of cryptocurrencies. However, authorities have been able to hunt down several SIM swap fraudsters in the past – a fact that should send a warning to would-be scammers.
One of these is Joel Ortiz – a former college student who had successfully carried out several SIM swap hacks totaling over $7.5 million involving more than 40 targets before being caught.
In particular, Ortiz made certain to attend the 2018 Consensus cryptocurrency industry conference attended by thousands of prominent crypto holders. He took that opportunity to hack several people’s phones, robbing some of them of their life savings.
After conducting the frauds, Ortiz spent the money living lavishly – hiring helicopters to take him and friends to music festivals, buying expensive watches, designer clothes, booking pricey Airbnb rentals, and so on. As it would be, the law finally caught up with him, upon which he entered a plea deal that saw him get ten years in prison. Authorities’ efforts to recover the lost money turned up only $400,000, with the rest squandered or hidden.
Signs Your SIM Has Been Swapped
Most people wouldn’t recognize a SIM swap scam even when it’s going on. The first step to protecting yourself is knowing how it unfolds. Here are signs that your SIM is being swapped:
- You can’t pick or place calls and texts. This is the first and biggest warning sign, and it likely means your SIM’s been deactivated
- Your service carrier informs you that your SIM card or phone number has been activated on another phone
- You can’t access your bank and/or credit card account because your logins are not working. When you notice this, contact your bank immediately
How to Protect Yourself from a SIM Swap Attack
With SIM swap attacks happening randomly and without warning, it can be daunting to even know where to begin cushioning yourself against one. With the tips below, you’re on your way to the first step to protecting yourself.
i) Change your two-factor authentication method.
Most people rely on a two-factor security method that relies on messages via SMS. However, using an SMS-based authentication method is not safe, since, in the event of a SIM swap attack, your authentication texts will go to them directly. Instead, choose an authentication method that relies on the phone itself rather than an SMS-based one. Good choices include the authenticator app Authy or Google Authenticator.
ii) Remove Your Phone Number from Accounts
Nowadays, almost every app or account requests your phone number for authentication. Just like with the above scenario, if your SIM were to be swapped, the attacker would obtain total control of all your accounts. You can remove your phone number from any account that you’ve already signed on with. This will help ensure your phone number can never be used against you.
iii) Create a PIN or Extra Password with Your Service Provider
This isn’t hard to do at all. All you need to do is call your phone service provider and ask to create an additional layer of protection in the form of a PIN code or a password on your account.
iv) Create Hard-to-guess Passwords
Most people make the mistake of creating predictable passwords such as the date of birth, pet names, etc. This is a mistake. Remember, any random person can enter several birthdates repeatedly until they get the correct value. The same applies to pet names, which are very likely on your social media profiles. But if your passwords or entry codes are randomized, an attacker will have a harder time swapping your SIM.
v) Don’t Use Your Social Media Accounts to Log into Other Services
Don’t sign up for services using Facebook, Twitter, and so on. This would give an attacker more access to even more of your digital life. And the more they know about you, the more they’re likely to gather more information about you that they can use to blackmail you, guess your account bank account info and other malicious activity.
SIM swap attacks are as real as they are unpredictable. This means to protect yourself against one, you need to take measures as soon as possible. The good thing is you just need a few changes in your accounts’ security set up, and you’re good to go. These few changes will go a long way to protecting you and your money.