How to limit attacks related to SIM card swapping?
Every year, it is estimated that consumers lose several million euros due to swapping SIM cards. On a regular basis, large numbers of people are arrested and accused of participating in criminal networks that empty bank accounts in a series of SIM card swap attacks.
What is a SIM swap?
SIM swapping, also known as SIM hijacking or SIM hijacking, is a type of account takeover (ATO) attack in which cyber criminals transfer the victim’s mobile phone number to a new SIM card. SIM card swap attacks usually occur in one of three ways:
- Phishing attacks against consumers. In this case, cyber criminals use phishing to obtain personal identification information from mobile subscribers, then use that information to impersonate the subscriber and convince the mobile operator’s employees to issue a new SIM card with the targeted phone number.
- Phishing attacks against mobile operators. In this scenario, cyber criminals use phishing techniques to trick telephone operator employees into providing their passwords or download malware, which is used to break into the operator’s system so that cyber criminals can proceed -even to swap SIM cards.
- Wicked insiders at mobile carriers. This occurs when cyber criminals work directly with employees of mobile operators who have permission to carry out SIM card exchanges.
Regardless of how the attack was carried out, the end result was the same. Once cybercriminals switch a consumer’s mobile number to their SIM card, they can insert it into a new device, use it to bypass phone-based multi-factor authentication (MFA), reset consumers’ login credentials, and take control of their online presence. accounts and applications.
Stop swapping SIM cards
- Whenever possible, always protect your online accounts using two-factor authentication (2FA), but don’t use phone calls or text messages to authenticate yourself. Instead, use biometrics, a physical security token, or a standalone authenticator app.
- Avoid giving out your cell phone number or other personal information, such as your address, online.
- Never share banking information online.
- Never provide your mobile number information in response to unsolicited phone calls or emails claiming to be from your mobile carrier. Check contacts by contacting your carrier’s customer service or logging in directly to their website.
- Use strong and unique passwords for all your online accounts.
- Never store your login credentials or other sensitive information in unencrypted text files, spreadsheets or other media. Instead, use a password manager, which stores your login credentials and other personal information in an encrypted vault that only you can access.
SIM swap attacks are often underestimated. However they can have a significant and irreversible impact. Keep these tips in mind to limit the risk of your data being hacked.
For professionals, a password management and security platform can also give you complete visibility into employee password practices. For added security, it lets you monitor their password usage and enforce the correct password security policies across your enterprise, including password complexity requirements, 2FA, RBAC, and other security policies.
Photo credit: DR
[cc] Breizh-info.com2022, sending free copies and distribution with acknowledgment and link to the original source