SIM (Subscriber Identity Module) swapping is a major and growing problem across the cell phone industry. Put simply, a criminal calls a wireless company claiming to be the owner of your number and says they have purchased a new cell phone. They ask the company to activate the new phone by transferring the SIM. The cell phone companies usually oblige the caller’s request, and their “new phone” now has all your accounts plus your telephone number.
By “all of your accounts” I mean your Amazon, Netflix, Instagram, PayPal, etc. accounts plus your phone number for calls and texts. Have you ever reset your bank or other password and been sent a PIN by text to verify it is you? Exactly. For most people, cell phones are the master keys to their online identities. The problem just gets worse if you use your phone as a digital wallet for making payments or even as a Bitcoin wallet. By the time you realize your phone isn’t making calls or sending texts because someone stole your number, the criminals have already made off with what they wanted.
So what can you do? First, stop giving out your cell phone number to websites and treat it more like your Social Security number. If those websites don’t lose your number to a data breach, the companies they sell your data to will (Equifax, anyone?).
Second, watch what you post on social media. For a targeted attack, hackers will look through your accounts to find out things like your mother’s maiden name, the name of your childhood best friend or your first car.
Next, instead of using SMS for 2-factor authentication, use a security app that requires a separate password login not associated with your phone number. Duo, Authenticator (Google’s and Microsoft’s) and Authy are some popular options many companies use. This extra protection is worth having instead of relying on your cell service provider, as providers themselves have been known to have insiders helping the criminals with SIM swapping.
Finally, wireless companies now offer a little extra security that you may have to opt in to. Usually this means adding an extra PIN, spoken password or other way to verify the account before the SIM is transferred to a different phone. You will need to check with your provider and see what they can do.
If you have any questions about cybersecurity for your business, contact your local Wyoming Small Business Development Center (SBDC) Network advisor today for no-cost advising.
Jim Drever is a Certified Ethical Hacker and Regional Director for the Wyoming SBDC Network. He was born in Laramie, WY. Although he considers Wyoming home, Jim spent several years abroad studying and working in places like Japan, Switzerland, Scotland and Germany. He has also worked as Marketing Director for a local software company. When Jim is not helping clients, he works as a volunteer firefighter and a volunteer ski patrol at Snowy Range Ski Area. He enjoys the outdoors, reading, traveling, and pursuing a lifetime of learning.