SIM Swap and SIM Swap Fraud. What is it? How does it work? How can it be prevented?
Last night, at about 10:00, we received another email from a user claiming their phone had been SIM Swapped. This was our third this week, and it’s becoming increasingly common, so we thought we’d take a few minutes to discuss it.
SIM swap fraud is a sophisticated form of identity theft that targets a victim's phone number, enabling the perpetrator to intercept calls and SMS messages, including those containing two-factor authentication (2FA) codes. This type of fraud has become increasingly prevalent, posing significant risks to individuals and businesses alike. Understanding how SIM swapping occurs and implementing preventative measures are crucial to safeguarding personal information and financial assets.
How SIM Swap Fraud Works
The process typically begins with social engineering. Fraudsters gather personal information about the victim, such as their name, address, date of birth, and phone number. This data can be obtained through various means, including phishing emails, data breaches, or even social media profiles.
Once armed with sufficient information, the fraudster contacts the victim's mobile carrier, impersonating the victim and claiming that their SIM card has been lost or stolen. The fraudster then requests that the phone number be transferred to a new SIM card in their possession. If the mobile carrier is convinced, they deactivate the victim's original SIM card and activate the new one, effectively giving the fraudster control of the phone number.
With control over the victim's phone number, the fraudster can receive all incoming calls and SMS messages. This capability is particularly dangerous because many online services use SMS-based 2FA to verify user identities. By intercepting these authentication codes, the fraudster can reset passwords and gain access to the victim's email, bank accounts, and other sensitive online accounts.
Preventative Measures
· Use App-Based 2FA: One of the most effective ways to prevent SIM swap fraud is to use app-based 2FA instead of SMS-based 2FA. Applications like Cisco Duo, Google Authenticator, Authy, or Microsoft Authenticator generate codes directly on your device. Because those codes are never sent to your phone number, someone who has taken over the number cannot intercept them.
· Set Up a PIN or Password with Your Carrier: Most mobile carriers offer the option to set up a PIN or password that must be provided before making changes to your account. This additional layer of security can deter fraudsters from successfully impersonating you.
· Be Vigilant with Personal Information: Protect your personal information and be cautious about sharing it online. Avoid disclosing sensitive details on social media and be wary of phishing attempts. Always verify the authenticity of requests for personal information.
· Monitor Your Accounts: Regularly check your financial and online accounts for unusual activity. Setting up alerts for transactions or account changes can help you quickly identify and respond to unauthorized actions.
· Contact Your Carrier Immediately: If you suspect you are a victim of SIM swap fraud, contact your mobile carrier immediately to regain control of your phone number. Additionally, inform your banks and other relevant institutions to secure your accounts.
SIM swap fraud is a growing threat in the digital age, but by understanding fraudsters' tactics and implementing robust security measures, individuals can significantly reduce their risk of falling victim to this type of attack. Proactive steps, such as using app-based 2FA, setting up account PINs, and monitoring account activity, are essential in protecting personal and financial information from SIM swap fraud.
If you’ve been a victim of SIM Swapping or SIM Swapping Fraud, contact your carrier immediately. For computer emergency response or additional support, contact Trusted Internet’s Executive Cyber Support Team at help@trustedinternet.io or 800-853-6431.