Password protection alone has never been a good enough guard for accounts that hold sensitive information or any easily transferable value, i.e., online banking, cryptocurrency exchanges, and other online payment processors. The institutions prone to be targeted by hackers wanted to protect their clients, so they started fighting back by adopting SMS as a part of two-step verification.
Adding another layer of security was undoubtedly a step forward but was not enough as hackers quickly adapted to the new trends. Stealing your password was not enough for cybercriminals to gain access to your sensitive account, they had to find a way to either hack your phone or somehow clone it so they can pass the two-step verification process.
While this initially seemed like a hard task, wireless carriers, especially the ones here in the US, were not prepared to get so much responsibility on their shoulders. Faults in the security processes of the wireless providers resulted in hackers being able to effectively execute SIM swapping campaigns essentially taking over your cell phone number for a brief time usually enough for them to cause irreversible damage to your finances and credit score.
What is SIM hijacking and how do they do it?
SIM swapping is essentially the process of hackers activating your number onto a SIM card of their possession. The process helps them take over your phone number, so next time someone tries to access your online banking account, the cybercriminals are the ones receiving the verification passcode instead of you. This is usually effective when someone wants to reset your password or already knows your password and wants to go through the 2 step verification process. This is called SIM hijacking but is also known as SIM swapping and SIM hacking.
When you call your wireless carrier over the phone, the operator usually goes through a quick verification process with you. They often ask for your full name, address, phone number, DOB, and passcode or the last four digits of your social. All of this information has leaked at some point in the past so hackers might have purchased the data from the dark web, or might have used other social-engineering ways to get the needed details – as we’ve previously reported, finding someone’s address, cell, and DOB is not as hard as we all want it to be.
Gaining access to your account allows the hackers to pass the 2-step verification process on various places but also allows them to purchase whatever they want from your wireless carrier itself. Imagine if the devices for the five available upgrades on your account are sent to an unknown address on the other side of the country, and you are the one billed for them on your next month’s billing statement.
How to truly protect yourself and your loved ones?
Very often wireless carriers use the last four digits of your social for as your default passcode – as you know, your SSN might have already been exposed and be in possession of the hackers. So if you want to avoid becoming a victim of SIM hijacking, we strongly recommend you to call your carrier and set up a passcode that you haven’t used anywhere else before.
Cybercriminals might decide to attack your phone instead so having antivirus software is usually the layer of security hackers cannot, or don’t have the time, to deal with. Last but not least, keep an eye on your email.
When wireless carriers make a change on your account, they sent you an email confirmation with the changes. If you are unsure what is happening or you do not recognize the transaction, google their phone number and call them. The sooner you call, the easier will be for you to minimize the amount of damage inflicted by the fraudsters.