What is SIM Swap Attack/Fraud/Scam? How to Protect Yourself from It?
What Is a SIM Swapping Attack or Fraud?
SIM swapping is a type of scam that lets fraudsters take control of your phone number, which in turn lets them take over any social media accounts linked to it. If you are unlucky, they can even use this trick to get into your bank accounts, and that is a disaster you don’t want to go through. If you are wondering how anyone could get hold of your number, it’s easy.
The attackers use the service provider’s ability to seamlessly port a telephone number to a device containing a different subscriber identity module (SIM). Carriers introduced this feature so that users who have lost their smartphones can easily get their old number back. However, mobile carriers have become so lax in verifying the identity of the caller that they are easily duped. So someone who has acquired basic information about you can call your mobile service provider and have your number ported to a different phone. There have also been cases where attackers pay off an employee to get a specific number ported.
Whichever method an attacker has used to procure your number, it doesn’t matter. What matters is that a SIM swap gives the attacker access to all your calls and messages. And if you use SMS as your 2FA method or your account recovery method, they can enter your number, receive the OTP (one-time password), and take control of your accounts.
Is It So Easy to Swap Numbers?
I get it. You are not sure that SIM swapping can happen to you; there must be some form of customer protection in place. Well, you are not entirely wrong. SIM swapping is not supposed to be easy. However, fraudsters have become so adept at combining social engineering with methods like phishing that it is no longer a long shot. Also, the reluctance of mobile operators, especially in the US and Canada, to provide any form of special check to protect their customers is not helping much.
In a recent study conducted at Princeton University, the researchers examined the authentication mechanisms in place for such requests at 5 U.S. prepaid carriers: AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless. They signed up for 50 prepaid accounts (10 for each carrier) and then made calls attempting to SIM swap those accounts. Their findings are as follows:
“Our key finding is that, at the time of our data collection, all 5 carriers used insecure authentication challenges that could easily be subverted by attackers. We also found that in general, callers only needed to successfully respond to one challenge in order to authenticate, even if they had failed numerous prior challenges.”
That is some scary data. Not only did they find that they could easily SIM swap, they also found that only one correct answer was needed to swap the SIM, even in cases where they had given repeated wrong answers. It means a fraudster can just keep guessing, and when they get one answer right, your number is swapped. If that’s not apathy towards consumer security from carriers, then what is?
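To make the difference between the two policies in that finding concrete, here is an added example (not code from the article or from the Princeton study) that models a call-centre authentication flow in Python: the weak policy the study describes, where one correct answer authenticates regardless of earlier failures, beside a hardened policy of my own design that requires every challenge to pass and locks the account after repeated wrong answers. The challenge questions, answers, lockout threshold and sample calls are constructed assumptions, not data from the study.

```python
"""Model of the two call-centre authentication policies contrasted above.

Added example, not code from the article or from the Princeton study.
WEAK: the caller is authenticated as soon as any one challenge is answered
correctly; earlier wrong answers are ignored (the behaviour the study reports).
HARDENED: every challenge must be answered correctly, wrong answers are
counted, and too many of them lock the account until the owner re-verifies.
The challenge questions, answers and call transcripts are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List, Tuple

LOCKOUT_THRESHOLD = 3  # assumption: wrong answers allowed before lockout

Attempt = Tuple[str, str]  # (challenge name, caller's answer)


@dataclass
class Account:
    answers: Dict[str, str]   # challenge name -> correct answer (constructed)
    failures: int = 0
    locked: bool = False


def make_sample_account() -> Account:
    """Fresh copy of a constructed account with three knowledge challenges."""
    return Account(answers={
        "last_payment_amount": "42.17",
        "last_called_number": "555-0100",
        "account_pin": "8391",
    })


def weak_policy(account: Account, call: List[Attempt]) -> bool:
    """One correct answer authenticates, no matter how many failed before it."""
    for challenge, answer in call:
        if account.answers.get(challenge) == answer:
            return True
    return False


def hardened_policy(account: Account, call: List[Attempt]) -> bool:
    """All challenges must pass; each wrong answer is counted and the account
    locks once LOCKOUT_THRESHOLD is reached (state persists across calls)."""
    if account.locked:
        return False
    passed = set()
    for challenge, answer in call:
        if account.answers.get(challenge) == answer:
            passed.add(challenge)
        else:
            account.failures += 1
            if account.failures >= LOCKOUT_THRESHOLD:
                account.locked = True
                return False
    return passed == set(account.answers)


def chance_of_one_hit(p_single: float, guesses: int) -> float:
    """Probability that at least one of `guesses` independent guesses, each
    right with probability p_single, succeeds: 1 - (1 - p)^n. This is the
    exposure the weak policy creates, since one hit is all it checks for."""
    return 1.0 - (1.0 - p_single) ** guesses


# Constructed call transcripts: a caller guessing one challenge repeatedly,
# and the real owner answering everything correctly.
GUESSING_CALL: List[Attempt] = [
    ("last_payment_amount", "10.00"),
    ("last_payment_amount", "20.00"),
    ("last_payment_amount", "42.17"),
]
OWNER_CALL: List[Attempt] = [
    ("last_payment_amount", "42.17"),
    ("last_called_number", "555-0100"),
    ("account_pin", "8391"),
]

if __name__ == "__main__":
    print("weak policy, guessing caller:", weak_policy(make_sample_account(), GUESSING_CALL))
    acct = make_sample_account()
    print("hardened, guessing caller:", hardened_policy(acct, GUESSING_CALL), "failures:", acct.failures)
    print("hardened, real owner:", hardened_policy(make_sample_account(), OWNER_CALL))
    print("10 guesses at 10% each:", round(chance_of_one_hit(0.1, 10), 3))
```

The point of the hardened variant is that the failure counter lives on the account and survives between calls, so repeated wrong answers cannot be reset simply by hanging up and calling again.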
How Can You Protect Yourself from SIM Swapping Attacks
Now that you know SIM swapping is a serious threat to your online and financial privacy, let’s see what you can do to stop these attacks. There are several things you can put in place so that you are never a victim of SIM swapping fraud. You can also ensure that you don’t suffer any major problems in case your SIM is swapped. And finally, we will look at the steps you can take in the worst-case scenario. So without further ado, let’s get started, shall we?
1. Use Carrier PIN Codes
Most US carriers allow users to set a PIN on their phone number. If your carrier supports this feature, stop reading and set it up right now. This will stop SIM swaps from happening, as the fraudster will be required to give the PIN to start the process. Since only you have the PIN, they won’t be able to swap your SIM card. If you fear that you will forget the PIN, use a good password manager (if you are not already doing so) and keep the PIN in its secure notes feature. This way, your PIN will be both secure and available. Here is how you can do this. Note that the on-device settings below set the SIM card’s own PIN, which locks the physical card when the phone restarts; the account or port-out PIN that blocks a port request is set with the carrier itself, through its account settings or customer care.
iPhone users: Go to Settings -> Cellular -> SIM PIN and enable the toggle. It will ask for the current PIN first. Here’s the default PIN for various service providers in India.
Android users: Go to Security & Privacy -> More Settings -> Encryption and credentials -> Set SIM lock. Again, use the default PIN above to open the setting and then replace it with your own PIN.
2. Don’t Fall for Phishing Scams
The first step in protecting yourself from SIM swapping is making sure you don’t fall prey to a phishing scam. Phishing is one of the oldest forms of scam. You receive an email or a message from a fraudster impersonating your mobile carrier, your bank, or a similar institution. Mostly, the messages and emails either warn that you have been hacked and need to change your account details and password, or claim that you have won some money or cashback and need to enter some personal information to get the prize or refund.
If you receive any such mail or message, cross-check before you click on the embedded link and give away your personal information, because that information will be saved and used by the fraudster to get your SIM swapped. Remember, 99% of such emails are fraudulent, and you should never enter any personal information before verifying the sender. If it’s an email, check the sender’s address and make sure it’s legitimate. You can do that by looking at the domain of the email address (the part that comes after the @ symbol) and matching it against previous official emails you have received. You can also use reverse email lookup services to see whether it’s spam or not.
3. Don’t Share Overly Personal Information Online
Humans are social by nature, and we love to share our views and thoughts with the world. There are several social media sites like Facebook, Instagram, Twitter, and more where we love to share with other users. However, remember that any information you share online can be used against you. Given the state of data privacy on Facebook and how easily our data is sold, it would be wise not to share overly personal information. Remember, a fraudster only needs to get one answer right to swap the SIM. Make sure you are not the one giving away the answer.
4. Don’t Use Your Number as Your 2FA or Recovery Method
One thing I make sure to do is never use my phone number as a 2FA or account recovery method. It still boggles my mind that something so easily shared can be used as a measure to protect our online privacy. Use a third-party authenticator app like Google Authenticator (free – Android / iOS) for your 2FA. I prefer Authy (free – Android/iOS), but you can use any app you want.
Setting up a third-party authenticator app can be a bit challenging at first. If you don’t know how to do it, check out our guides for setting up an authenticator app for Facebook and Twitter. You can find similar guides for other services on the internet. You should do this to minimize the damage a fraudster can cause even if they swap your number.
Steps to Take If You Are SIM Swapped
If the worst comes to pass and you are SIM swapped, take these steps immediately to minimize the effect of the attack.
- File an identity theft report with your local police and contact the FTC immediately.
- Alert your banks and other financial institutions about the attack and freeze all your accounts until the situation is resolved.
- Call your mobile service provider and let them know about the fraud. Ask them to return the number to your phone. Here are the customer care numbers for major US and Indian carriers:
  - Indian Carriers
    - Vodafone: 111 – Vodafone customers / 9886098860 (non-Vodafone customers)
    - Airtel: 198 – Airtel customers (check this link for the non-Airtel customer care number)
    - BSNL: 9415024365
    - Reliance Jio: 1800 88 99999
- Make sure to change the email ID, password, and recovery method of all the accounts associated with that number.
- If you can’t change the password because your number was your 2FA method (which it shouldn’t have been; see point number 4), try to contact a customer service representative for each account associated with your number and explain your situation.
source via: Beebom.com