SIM Swapping – The Biggest Risk To Your Online Security

Hackers use SIM swapping to steal your personal information and your money.

The United States Fair Trade Commission reported 1,038 incidents of SIM swap identity theft in January 2013. It represented nearly 3.2 percent of identity theft cases that month. By January 2016, the number had increased to 2,658. The incidents of SIM swapping continue to rise all over the world.

According to 2018 Identity Fraud: Fraud Enters a New Era of Complexity, 15 percent of total complaints were based on identity theft. Identity theft claims fell by 9.3 percent between 2015 and 2018 but started to increase in 2018, reaching 19.8 percent from 2017 to 2018.

Identity Theft And Fraud Reports (2015-2018)

Report on identity theft and fraud between 2015-2018. Source

What is SIM swapping?

SIM cards store your data in GSM (Global System for Mobile) phones. This data is mainly used for authentication of cellphone subscriptions. Without a SIM card, your GSM phone can’t work on any mobile network. SIM swap fraud involves the theft of this information to gain access to the target’s cell phone’s communications capabilities – the fraudster essentially takes over your cell phone.

Hackers contact service providers and impersonate you to get your SIM card data. If their efforts are successful, your data will transfer to the criminal’s SIM card. They are often not interested in your personal text messages or phone calls; instead, they’re focused on receiving two-factor authentication (2FA) messages from accounts that hold your personal information.

Most banks require 2FA when you sign into your online banking account. Thus, when hacked by a SIM swap, the hacker inputs the one-time password (OTP) on your online account.

Signs that you are a victim of SIM swap fraud

Detecting SIM swap fraud before it occurs is very difficult. Most people discover that their SIM card data has been compromised only when they try to place a call or send a text message. Once the perpetrators deactivate a SIM, messages and calls don’t go through.

However, many banks and carriers have introduced protection procedures to prevent SIM swap fraud before it happens.

Step-by-step SIM swap process.

How SIM swaps work. Source

People can combat SIM fraud in many ways. They range from sending user alerts and putting in place additional checks, to spreading awareness among people regarding SIM swapping. Banks can identify SIM swap attempts from behavioral changes through behavioral analysis technology. This information can be used to alert customers and prevent banks from sending SMS passwords to compromised devices.

Ways to protect yourself from SIM swapping

Last year, T-Mobile reported that hundreds of people had to deal with SIM swapping scams. Mobile users should understand that their phones are greatly vulnerable to cyber attacks.

Fortunately, there are several ways to protect your SIM cards from hackers. You can mitigate the damage in the event they steal your valuable information.

  • Change the 2FA method
    The two-factor verifications appear convenient to mobile users. However, it can compromise your security and make your circumstances even worse if you have to deal with SIM swapping. A report revealed that 2FA is poorly implemented, despite being used by 77 percent of online banks.
    Instead, you can choose authenticator apps that link your OTP with your mobile device, instead of associating it with your phone number. Connect the app to your important accounts, and you will receive security codes through the app.
  • Don’t link your phone number to your online accounts
    Once intruders steal your contact number, they use it to reset passwords of your online accounts linked with it. Most of the time, it even bypasses 2FA.
    Once hackers get access to your accounts, they steal your confidential information and money out of your bank account. They may even sell your personal data on the dark web.
    That’s why it is recommended that you should never link your phone number to your accounts. Recently, hackers sold a doctor’s identity and highly valuable data on the dark web for $500. Documents included malpractice insurance documents, board recommendations, medical diplomas and licenses, and DEA licenses.
  • Use encrypted messaging mobile apps
    SMS can’t be encrypted, and so hackers can easily intercept your text messages. To avoid this, use an encrypted messaging app, such as Signal, WhatsApp, or iMessage.

Conclusion

SIM swapping is real and it’s becoming increasingly rampant worldwide. The hack allows fraudsters to take over your mobile phone device’s communications capabilities, especially SMS. By doing so, hackers can take advantage of 2-Factor authentication messages to bypass any verification from your accounts. This includes bank accounts, which often rely on such authentication processes, and can easily lead to your bank account balance being wiped out. Other implications include significant losses of personal information than can be sold on the dark web.

Thankfully, there are preventative options. Avoid using your default SMS for such verifications and rely, instead, on apps. You can also use encrypted messaging apps for communication purposes, in an effort to keep your communication protect.

 

Neil Aitken

Having worked in 3 countries for 4 telcos on both voice and data products, Neil is in a position to give you the inside track. Get beyond the marketing messages to the best plan for you.