Cell Phone SIM Swapping Attacks
Nancy Patterson - June 29, 2020
If you were born prior to 1980, we all remember seeing the first mobile phones. They started off as being primarily attached to vehicles, but some more portable offerings gave us phones roughly the size of a PlayStation (as a result of a huge battery) in a lovely shoulder-strapped bag. Believe it or not, they were even more of a status symbol then, then they are today. At first the term “mobile phone” was the more popular colloquialism for cell phones. With the onset of major cellular networks (each cell tower puts out a signal, the range of that signal is it’s “cell” all the cells make up the network) we have since referred to them as cell phones. Today 96% of ALL Americans own a cell phone according to the Pew Research Center. Today our cell phones rely on little chips called SIM cards. These cards are given to us by our phone carriers and are used to identify us in the network and grant us access (if we have remembered to pay the darn bill). You probably don’t give much thought to that SIM card considering you really only ever see it when you get a new phone, and most of the time it’s handled for us at the store. Unfortunately we now have a concerning new trend that requires us to give more focus to our SIM cards. It’s called the SIM Swap Attack.
What is a SIM Swap Attack?
Alright so think of your SIM card like your cell service social security number. If you are someone who has had your identity stolen you know just how much of a pain in the butt it can be. But really in the end you can be made whole via protections from the FDIC and other government agencies. But stolen personal information is another thing entirely. It’s one thing to know my name and my social security number. You can open credit lines and get money, but you cannot get my personal text messages, emails, photos etc. Once that information is retrieved, it is out there forever. It’s like they say; “You can’t un-ring a bell.”
And if you are one of those who think, “this won’t happen to me”, just know this happens, even to the best amongst us in the tech world. Jack Dorsey, the founder of Twitter and Rob Ross a former Apple engineer have both been victim of SIM Swap Attacks.
How SIM Swap Attacks Work and What You Can Do To Protect Yourself
It’s the middle of the night, you’re in bed deep asleep. Your phone; just 2 feet from your head on your nightstand. You are probably at your most vulnerable. Suddenly, without warning, a strange man you’ve never knowingly laid eyes on attempts a SIM Swap. The good news first… no, that man is not in your room with you (PHEW!). But what does that mean exactly? Well it means that you can be the victim of a SIM Swap anytime, anywhere and they never have to touch your phone. Instead the attacker will convince your carrier that they are, in fact, you… and ask to have your phone number ported to a SIM card that the attacker owns. Attackers can then use it to receive your texts, reset passwords with two step authentication and even do a phone “restore” and get all your resent backed up data.
Ensuring you use good passwords and pins for your mobile account that are not shared anywhere else. Keep them a secret, and change them every few months. This will make it way more difficult for someone to convince your carrier they are you.
You can also do your best to avoid using SMS as your two-factor authentication. There are a few apps out there that provide this service.
Always double check any unknown number that comes to your cell phone by doing a reverse phone lookup. This can help verify the identity of everyone who tries to come in contact with you. Members can easily keep track of all those who they search as part of the service and accessible any time. Click here to get started!