Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.
  • Residence:
  • County:
  • Country:
Cyber Security Incident Response
Management & Architecture of Cyber Security Teams
Solutions & Coaching
  • Cyber Security Incident Response
  • Management & Architecture of Cyber Security Teams
  • Solutions
  • Training & Coaching

SIM swap scam: What it is and how to protect yourself

January 27, 2021

Right here’s what to find out about assaults the place a fraudster has your quantity, actually and in any other case

SIM swap scams have been a rising downside, with fraudsters concentrating on individuals from varied walks of life, together with tech leaders, and causing untold damage to many victims. Right here’s why try to be looking out for assaults the place somebody can upend your life by first hijacking your cell phone quantity.

How SIM swap fraud works

Often known as SIM hijacking and SIM splitting, SIM swapping could be described as a type of account takeover fraud. To make the assault work, the cybercriminal will first collect data on the mark, usually by trawling the net and trying to find each tidbit of knowledge the potential victim may have (over)shared. The sufferer’s private data will also be gleaned from identified information breaches or leaks, or through social engineering strategies, reminiscent of phishing and vishing, the place the fraudster wheedles the knowledge straight out of the goal.

When sufficient data is available, the fraudster will contact the goal’s cell phone supplier and trick its customer support consultant into porting the phone quantity to a SIM card owned by the prison. Most of the time, the scammer’s story shall be one thing alongside the strains that the change is required as a result of phone being stolen or lost.

As soon as the method is finished, the sufferer will lose entry to the mobile community and cellphone quantity, whereas the hacker will now obtain the sufferer’s calls and textual content messages.

What makes the scams so harmful?

Generally, the purpose of any such assault is to achieve entry to 1, or extra, of the goal’s on-line accounts. The cybercriminal behind the assault can also be banking on the belief that the sufferer makes use of cellphone calls and textual content messages as a type of two-factor authentication (2FA).

If that’s the case, the fraudsters can wreak unseen havoc on their sufferer’s digital and private lives, together with cleansing out financial institution accounts and maxing out bank cards, damaging the sufferer’s standing and credit score with banks within the course of.

The hackers may additionally entry their sufferer’s social media accounts and obtain delicate messages or personal conversations that may very well be damaging in the long term. And even publish insulting messages and statuses that would trigger main reputational injury to their victims.

Find out how to defend your self

Begin by limiting the non-public data you share on-line, keep away from posting your full identify, deal with, cellphone quantity. One other factor you need to keep away from is oversharing details out of your private life: chances are high that you just included some points of it in your safety questions which can be used to confirm your id.

In the case of utilizing 2FA, you may need to rethink SMS textual content messages and cellphone calls being your sole type of further authentication. As a substitute, go for utilizing different types of two-factor authentication reminiscent of an authentication app or a {hardware} authentication gadget.

Phishing emails are additionally a preferred approach for cybercriminals to acquire delicate data. They achieve this by impersonating a trusted establishment, counting on the belief that you just gained’t hesitate to reply their questions or scrutinize the emails too carefully. Whereas most of the phishing emails shall be caught by your spam filters, you must also educate your self on how to spot a phish.

Telecom corporations are additionally working towards protecting their clients. Verizon, for instance, launched a characteristic known as ‘Quantity Lock’ that ought to defend its clients towards potential SIM-swapping assaults, whereas AT&T, T‑Cell, and Dash provide the choice of further authentication within the type of PIN codes, passcodes, and extra safety questions. You need to examine along with your supplier to learn to allow such options, ought to they provide them.

In abstract

Whereas SIM swap scams are ever-present and a menace to everyone, there are methods to guard your self. Taking a number of of the a number of steps outlined within the article may help you decrease your possibilities of falling sufferer to such an assault. Moreover, you’ll be able to contact your financial institution and telecommunications suppliers to inquire about any supplementary safety companies you’ll be able to allow to lock down your accounts.

Posted in SecurityTags:
Write a comment