What is SIM Swapping?
SIM swapping involves a criminal accessing your personal data by pretending to be you. The criminal then claims to have lost the phone he was using and requires a new phone and SIM card so that he can transfer app data to the new phone. Once the criminal obtains a new SIM, they can then access your accounts and cloud data, even if you have 2 Factor Authentication (2FA) switched on as the SMS text message you receive with a code will go to the criminal. This whole process happens really quick and by the time you realise that something is wrong, the criminal has taken control and potentially stolen money and other data from you.
Steps to protect yourself.
Data is usually obtained by criminals in major cyber incidents that involve the leaking of data. This data is then sold on the Dark Web. Another way is by bribing employees of a telecommunications retail store (read this Fox 11 article here).
- Step 1 – You must always keep your personal data safe and not open any phishing emails or text messages that request your personal data. Banks, for example, never ask you to confirm your passwords or user ID’s via text messages.
- Step 2 – Use a security authentication key or application along with 2FA. The security keys (see Yubico) are usually in USB form and require you to enter it into the USB port of a computer when you are logging into one of your accounts.
- Step 3 – Use an Authenticator App such as the Google Authenticator App (Apple users – App Store; Android users – Play Store).
- Step 4 – It is also recommended to create a PIN or password with your telecommunications provider that will be required for account access and changes to your account.