SIM swapping is a method hackers use to steal your identity. This affects more than your telephone calls. By getting their hands on the SIM card from your phone, cybercriminals can receive the two-factor authentication (2FA) codes needed to access your various online accounts.
How SIM swapping threatens your life
According to Wired, a recent spate of compromised Instagram accounts is the result of SIM swapping. Of course, this type of attack matters more than possible embarrassment on social media.
A cryptocurrency investor this week claimed that a SIM swap resulted in the theft of $23.8 million worth of tokens; he’s suing his carrier, AT&T, for 10 times that amount. And Motherboard recently documented a number of incidents in which SIM hijackers drained thousands of dollars out of people’s checking accounts.
Anatomy of a SIM swap
To make the swap, hackers don’t need to access your phone. All they need to do is involve someone with access to your phone network (e.g., AT&T). So, even if you live with immaculate security practices, you can be a victim.
At least one security firm has determined that hackers are often paying retail employees who work for a cell phone company to help them swap a number to their phone.
Also, for the most part, no adequate defense against SIM swapping exists. However, you can do some things to protect yourself.
• Add a PIN to your mobile account. Theoretically, no customer service rep should speak about your account to anyone who doesn’t have the right PIN.
• Use an authenticator app. I don’t like Google, but you can try the Google Authenticator app as a way to eliminate 2FA text messages. Read about the best authenticators at PC World.
• Get an extra phone number from Google Voice or another third-party telephone service and associate it with your most-sensitive account. Unfortunately, using a separate phone number for each of your accounts is probably not a feasible solution.
Quick Tip: Take steps now to defend against the increasingly popular SIM-swap attack. Stop using SMS-based 2FA, add a PIN to your phone account, and immediately respond whenever your smartphone suddenly stops working.