SIM swapping is when a scammer transfers your phone number to a new device without your permission. Someone convinces your carrier to transfer your number over to a SIM card they have, and once that happens the world is the hacker’s oyster. Armed with your number, they can complete text-based two-factor authentication checks, giving them further access to accounts associated with your phone number, steal your personal information, and trick services into giving out your passwords.
Microsoft dug into the hacking and came up with a list of the favorite techniques of Lapsus$, an international hacker group known for its various cyberattacks against companies and government agencies. One of their top hacking methods is SIM swapping.
In addition to stealing data and providing unauthorized access to accounts, SIM swapping preys on people who are desperate to get their phone number back and willing to pay high sums of money to do so. It was estimated that Lapsus$ raked in over $14 million from its victims with this method from December to July of 2022.
So how does all of this happen? Social Engineering. Social Engineering is all about the psychology of persuasion where hackers aim to gain the trust of their targets to lower their guard and encourage risky behavior that includes giving out personal information, clicking on malicious links, or opening dangerous attachments.
Businesses are vulnerable to hackers who case individual employees and use Social Engineering to gain access to accounts and company phone numbers. All they need is one employee to fall for their scheme to bring a company to a grinding halt with long-term repercussions.
How to prevent SIM Swapping
The identity verification processes mobile companies use vary and are often susceptible to fraud. This is especially true when verification involves easily accessible information or if insiders are compromised.
To prevent SIM swap fraud, consider the following measures:
- Stronger Authentication Methods: Move beyond SMS-based 2FA. Use authentication apps or physical tokens which are not susceptible to SIM swaps.
- Guard Personal Information: Limit the sharing of personal details online and be cautious of phishing attempts. Educate yourself on common social engineering tactics.
- Enhanced Carrier Security: Speak with your mobile carrier to understand and use any available additional security measures, such as setting a PIN for SIM changes.
- Regular Monitoring: Stay vigilant for signs of SIM Swapping, such as an unexpected loss of mobile service. Contact your carrier immediately if you suspect any unauthorized changes to your mobile service.
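For a business applying the first measure, a useful first step is finding which accounts still depend on the phone number, including accounts that added an authenticator app but kept SMS as a login fallback or for account recovery. The audit below is an added example, not part of the original article; the `Account` record, the factor names, and the sample inventory are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Factors delivered to a phone number: they follow the number to a swapped SIM.
PHONE_NUMBER_FACTORS = {"sms", "voice_call"}
# Factors bound to a device or key, which a SIM swap does not move.
DEVICE_BOUND_FACTORS = {"totp_app", "hardware_key"}
SEVERITY = {"high": 0, "medium": 1, "no-mfa": 2, "none": 3}


@dataclass
class Account:  # hypothetical inventory record, not any vendor's export format
    user: str
    login_factors: set
    recovery_factors: set = field(default_factory=set)


def sim_swap_exposure(acct):
    """Classify how far control of the phone number alone gets an attacker."""
    phone_login = acct.login_factors & PHONE_NUMBER_FACTORS
    strong_login = acct.login_factors & DEVICE_BOUND_FACTORS
    if phone_login and not strong_login:
        return "high", "only second factor is " + "/".join(sorted(phone_login))
    if phone_login:
        return "medium", "phone-number fallback still accepted at login"
    if acct.recovery_factors & PHONE_NUMBER_FACTORS:
        return "medium", "account recovery still goes through the phone number"
    if not acct.login_factors:
        return "no-mfa", "no second factor enrolled"
    return "none", "no phone-number factor at login or recovery"


def audit(accounts):
    """Return (user, level, reason) rows, most exposed first."""
    rows = [(a.user, *sim_swap_exposure(a)) for a in accounts]
    return sorted(rows, key=lambda r: (SEVERITY[r[1]], r[0]))


# Constructed sample inventory for illustration.
SAMPLE = [
    Account("alice", {"totp_app"}, {"hardware_key"}),
    Account("bob", {"sms"}),
    Account("carol", {"totp_app", "sms"}),
    Account("dave", {"hardware_key"}, {"sms"}),
    Account("erin", set()),
]

if __name__ == "__main__":
    for user, level, reason in audit(SAMPLE):
        print(f"{level:7} {user:6} {reason}")
```

Accounts reported as "medium" are the ones most often missed: the stronger factor is enrolled, but the phone number can still be used in its place.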
If you suspect you are a victim of a SIM swap, contact your mobile carrier immediately to attempt to regain control of your number and prevent further misuse. Additionally, update your account passwords and enhance security settings to mitigate potential damages.