In the modern age, account protection becomes stronger every day but hackers along with fraudsters have found ways to stay ahead of the game. Read on to discover more about protecting your SIM.
What is SIM card hijacking?
The most common form of SIM card attack is a SIM swap.
Hackers use this technique to persuade your phone provider to move your phone number over to their device.
This causes any phone calls and texts to go to their mobile phone rather than yours. In other words, they use your sim cards to gain access to your data.
Other ways your SIM card can be hacked:
In 2019, researchers discovered a new threat to SIM card security where a link is sent via SMS to a victim's sim containing spyware.
If the user opens the link, the hackers use a code to spy on your texts, calls and location.
Both iPhone and Android users can fall victim to this attack.
SIM cloning is similar to SIM swapping but it is more hands-on and requires your SIM to be physically stolen out of your phone.
In a SIM clone attack, the hacker gains access to your SIM and makes a copy.
They use a smart card copying software to clone your sim and insert it into their phone - having access to all your data including; social media accounts, bank details and contacts.
What do hackers use SIM card hijacking For?
Hackers use this scam to steal data from you and access your private information.
What's in it for them? Not only do they get all your contacts but they also get all of your passwords too. It's the perfect crime for fraud as transactions can be made from your bank to theirs and look completely legit.
Many banks and websites use SMS verification to protect against SIM card hacking.
Most banks and businesses on the internet will send you a one-time pin every time you log in to their network to double-check that it's definitely you attempting to access the account. In most cases, this is a great way to prevent a hacker from sim swapping but modern cybercriminals have learned how to work around it.
Utilising two-factor authentication is far safer than single-factor verification i.e. password only. You are at even greater risk if you want to reset a password as the "reset your password" link will be sent to the hacker's sim card, not yours.
Phishing and SIM Card Hijacking
These two hacking tactics go hand in hand. Not only does the hacker now have access to your phone calls and texts but they can now send a text posing as you. They can use this to extort your contacts and get further private data from them.
A link containing a virus could be sent to a loved one and they wouldn't hesitate to click it as it is coming from your number, under the guise of a hacker with mal-intent.
Common targets of SIM hacking:
Social media influencers
Popular gaming channels
SIM hijacking can happen to anyone and it has never been a better time to learn how to avoid being on the receiving end:
Cybersecurity tips for avoiding SIM hijacking
1. Understand how SIM hijacking works
As with any scam, the first step in protecting yourself against it is to understand how the scheme works.
Scammers start the hijacking process by finding a target and collecting their personal information. They get hold of data like email addresses, mailing addresses, government-issued ID numbers, date of birth and more by trawling social media, setting up phishing attacks, or buying it from other online fraudsters.
Then, the hijackers contact your phone carrier. They use the information they’ve swiped to answer your security questions and convince your carrier to port your phone number onto a SIM card in their possession. Once they have access to your number and all your messages, the hackers can start breaking into your accounts, taking your money, stealing your social media handles and more.
2. Add a PIN to your phone account
Now you know how SIM hijacking works, the first measure you can take to prevent it is clear: harden your phone account by adding a PIN code. Most of today’s cell phone providers allow you to set up a PIN that you must state to make changes to your account. If you don’t have a PIN, hackers only need to know your easily obtained personal details to convince your phone carrier to port your number to a new SIM. To set up a PIN code, check your online phone account, call the customer service department, or head to your carrier’s local store in person.
3. Change to a 2FA app
Another great way to prevent hackers from bypassing your two-factor phone verification is to use a different verification tool altogether: an app. Two-factor authentication methods that use a 2FA app instead of a phone number are far more secure because they can’t be hacked using a SIM card. A fraudster would need to steal your phone and know your phone passcode to break into your account using a two-factor app, which is a very unlikely scenario given that most hackers work remotely.
4. Don’t put personal information online
Alongside hardening your accounts, you can avoid becoming a SIM hijacking victim by preventing hackers from accessing your personal information. To protect yourself against any type of fraud or identity theft, never put your phone number, date of birth, email address, or answers to security questions (like your first car, first pet, or maiden name) online. Look at your profiles on social media, online marketplaces, and web portfolios to see if you’ve put up any information that could be used to hack you. If you have, delete those posts as quickly as you can.
5. Don’t open phishing emails
Phishing emails are another common way hijackers get your personal information. These fake emails are set up to look like communications from your account providers, but all the information you send them goes straight to the fraudster targeting you. In general, the best way to avoid a phishing scam is to never click on links in emails that claim to come from your bank or other account providers. If you receive an email from your bank asking you to update your details, for example, do not click on the update link. Instead, go to your bank’s official website and log into your account to see if the request is legitimate.
6. Remove your phone number from your accounts
Remember that SIM hijacking isn’t just used to bypass two-factor verification. Hackers also use it to quickly and easily access accounts that are only secured by a password (such as Twitter, Instagram, and gaming accounts). You can stop hackers from resetting your password in this way by removing your phone number from all your social media and email accounts. If you must add a number to an account, use a VoIP number (like Google Voice) as these services can’t be SIM hijacked.
7. Know how to respond
If you do become the victim of a SIM hijacking scam, you’ll need to respond quickly and efficiently to minimise the damage.
First, make sure you know how to spot a hijacking. When a scammer gets access to your phone number, you won’t be able to make calls or send texts from your phone anymore. So, if you suddenly lose service or get a message that your SIM has been deactivated, contact your carrier to secure your account.
Alongside contacting your carrier, check your email account for notifications of suspicious login activity or changed passwords. This will let you know which accounts the attacker has logged into, so you can get in touch with those companies and take anti-fraud measures. You should also change the passwords on all your sensitive accounts, just in case the hacker has accessed them or plans to in the future.
And after you’ve responded to a hijacking incident, don’t forget to stay alert. If fraudsters could find your personal information once, they can do it again.
Even though there’s no surefire way to protect against SIM card hacking, our advice will prevent your SIM cards from an attack and equip you with the knowledge of contacting your network provider if they do gain access.