Alexia

Losing Your Identity Through Your Phone Number: How SIM-Swapping Attacks Can Leave You Vulnerable

protect yourself from cyber criminals

SIM-swapping is the latest way cybercriminals & hackers are performing attacks on your cell phone.  Could you be next?

Picture this: It’s Friday and you just got paid. You go to the ATM to withdraw $100 for the weekend. The message on the screen says your account is overdrawn and no funds are available. You march into the bank to discuss what must be an obvious error. This is only to find out that all your money has disappeared from your account. How did this happen? Your cell phone was hacked, cell account stolen & your bank account passwords reset which was how they swept your bank account. SIM Swapping is very real and very effective. Here’s how it goes down. 

What is SIM-swapping?

The term SIM swap refers to the tiny “chip” that your cell phone uses to store your number and account information. This may include pictures, texts, emails, contacts, apps, etc, usually located on the inside of your phone.

SIM-Swapping is a relatively new attack where criminals steal a victim’s telephone number. They have figured out that your most important accounts, like bank accounts, are using two-factor identification when resetting your passwords. From identifying your cell-phone number they are able to find out any personal information about you. SIM swappers use the “Forgot my password” tool for online services with the intent to take over your online accounts. Within minutes of access into your accounts, these hackers are able to look through old email messages looking for access to financial accounts. These include not only financial accounts but cryptocurrency accounts, social media, bank accounts, and even IRAs. Investigators have also seen SIM swapping used to compile photos for money and blackmail, resulting in an awful violation of privacy.

 

“You want to protect your accounts from being able to reset simply because somebody has your phone number.” -Mr. Selby, NYPD

 

Once inside your accounts, these criminals change your passwords to your most important accounts & lock you out. They switch your security settings so that your accounts can’t be reset when you’re finally able to recover your phone number. These criminals use an app called “Authenticator” designed by Google. You can still get locked out of your accounts through this app, even if you’ve recovered your phone number. 

The law-enforcement task force, Investigators with the Regional Enforcement Allied Computer Team, stated they know more than 3,000 victims, accounting for $70 million in losses nationwide. Worse is the rate at which this technique is growing because it’s so powerfully effective in stealing your identity. 

 

“ If the richest man in the world had his cell phone hacked, where does that leave the rest of us?” Charlie Warzel – NY TIMES

 

WAYS TO PROTECT YOURSELF

FROM SIM CARDS HACKS : 

    1. Do not post online that you are leaving for vacation, to avoid calling attention to an empty house filled with valuables. Social media not only presents an opportunity for criminals; it provides them with more personal details about you, which allows them to create the mosaic they can use to impersonate you.
    2. Call your cell phone carrier and ask to add a passcode on your phone account. Make sure to remember your passcode! 
    3. Try the “Forgot my password” option on your most important accounts and see what the process is for that.
    4. Get a password manager to store all of your passwords. CLICK HERE for Best Password Managers from CNET.  If you want extra security protection, use applications such as Yubikey or Google Titan, which allow for one-time passwords and two-factor authentication.
    5. Turn off SMS authentication. For Android Phones CLICK HERE. For Apple Phones CLICK HERE. Make sure to remember your passwords if you do this, as sometimes you may not be able to recover your accounts
    6. People hired to help you, like accountants and lawyers, can innocently provide a way into your financial life, especially if THEY are hacked. The best that people can do is verify everything through basic human interaction that will slow and eventually stop hackers.

 

 If you’re interested in reading the whole article on SIM-swapping, click this link here.

 

For more information contact a Metropolitan Risk Risk Advisor or call 914-357-8444.  

 

/by
You might also like
OSHA Inspections and Fines Fire Drills with Children
Are Site Safety Cards Required for All Construction Workers? The Importance of a Work Site Accident Witness
OSHA Inspections and Fines America's Most Dangerous Jobs
people walking blurryPhoto by Timon Studler on Unsplash New Sexual Harassment LawsPassed: Great for Employees, but What does it Mean for Employers?
Cybercriminals Are Targeting HR Depts. With This Resume Scheme
OSHA Inspections and Fines Did You Know It's a Felony for an Unsafe Work Environment?