When the internet was new, passwords were state of the art in personal protection. Back then, a strong password was all you needed to protect your accounts, your assets, and your identity, but the hackers have learned a great deal in the intervening years.
As hackers got better at guessing passwords and breaking encryption, the security world responded by setting up two-factor authentication, or 2FA. This advance, they calculated, would render those stolen passwords useless by requiring a special code sent to the user’s smartphone.
That 2FA worked very well, but eventually, the hackers found a way around it, and that is what SIM swapping is all about. You may be familiar with the tiny SIM card in your smartphone, the minuscule brain that makes it work and ties it to your phone number, but like all things technological, it is subject to abuse. That is what SIM swapping is all about.
SIM swapping attempts often begin with a bit of social engineering. The hacker calls the carrier pretending to be a victim claiming their phone was lost or stolen, and that they need their old number ported to the new device they just purchased. If they do their job well, the hacker persuades the representative to do what they ask, and suddenly the victim’s phone number now belongs to them.
Sometimes a SIM swap attack does not come from the outside at all, and that makes it all the harder to shut down. In a growing number of cases, groups of hackers will hire an employee of the company, slipping them money under the table in exchange for facilitating their nefarious deeds.
No matter where they come from or how they originate, SIM swapping attacks are bad news. If you want to protect yourself, your phone number, and your identity, being protective is essential. Here are 10 tips to get you started.
- Keep an eye out for incoming text messages or the lack of them. Once the SIM swap has been completed, the hacker will start getting your text messages, and that means you will not. Keeping an eye on your inbox and taking action swiftly could blunt the impact of the SIM swap and make it easier to get your number back.
- Protect your carrier account with a unique passcode. It’s important to set your account up with a strong passcode, one that will be easy to remember but difficult for others to guess. Avoid obvious passcode combinations like birthdates, ages, and the like — the more unique you can make the code, the safer you will be.
- Add a PIN to your SIM card. If you can, adding a separate PIN code to the SIM card itself can provide an even higher level of protection. Not all carriers allow this but ask if yours lets you set a SIM-specific PIN code.
- Avoid security questions that can be found in public records. Setting security questions can be a good way to safeguard your account, but only if the answers are known only to you. From maiden names to former addresses, a frightening amount of information is available in public records, and using those as security questions is extremely risky in the age of SIM swapping.
- Try using off-the-wall answers to security questions. One way to make sure no one can guess the answers to your security questions is to make them up out of whole cloth. Off-the-wall answers that are easy to remember but hard to guess are great for protecting your identity from SIM swaps and other online dangers. The customer service rep might laugh when you say your mom’s maiden name was Catcher in the Rye, but they will surely laugh along with the joke.
- Use app-based or hardware-based two-factor authentication if it is offered. Traditional two-factor authentication provides a basic level of protection, but it may not be enough to safeguard your assets and your identity. If possible, opt for app-based and hardware-based authentication that uses smartphone apps or hardware dongles to verify identity.
- Check your phone service regularly. Even if you do not normally make phone calls, it’s important to ensure your service is still working. The sudden inability to make and receive phone calls is often the first sign of a SIM swapping attack.
- Act fast to mitigate the damage and recover your phone number. If you believe you have been a victim of SIM swapping, fast action could mean the difference between a minor annoyance and a disaster. Even if you are unsure what has happened, call the carrier right away to get your number back.
- Change your passwords right away. The end goal of most SIM-swapping schemes is to gain access to bank accounts, brokerage accounts, and cryptocurrency wallets. Checking those accounts for unauthorized activity, changing the password right away, and notifying the company in question of the breach are all actions you should take in the wake of a SIM-swapping attack.
- Use a free service to create a second secret phone number. If you want to increase your protection even more, you might want to set up a second, secret phone number that works with two-factor authentication but stays hidden from the prying eyes of the internet. Services like Google Voice make it easy to create your own secondary phone number, one you can use to protect yourself even more.
In the modern world, people rely on their smartphones more than ever. Their smartphones are part digital wallets, part internet gateway, and part texting device, and yes, even part phone.
That means losing access to your phone number is more than an annoyance — it could be a financial and personal disaster. If you want to protect yourself in an increasingly dangerous technological world, taking the 10 tips listed above is a good place to start.