A recently published study showed how easy it is for hackers and fraudsters to gain control over your telephone number, which could potentially lead to thousands of dollars in fraud ̵
The SIM card in your phone is a small plastic chip that tells your device which mobile network to connect to and with which phone number. We rarely think of SIM cards, except perhaps when we get a new phone.
But here's the problem – hackers know that SIM cards are a fairly simple access point when it comes to copying someone's phone number and in turn gaining access to their online accounts.
SIM swapping takes place when someone contacts your wireless network provider and can convince the call center agent that you are in fact you and using your personal information.
They do this by using data that is often exposed to hacks, data breaches or information that you publicly share on social networks to mislead the call center to switch the SIM card associated with your phone number and replace it with a SIM card . in their possession.
Once your phone number is assigned to a new card, all your incoming calls and text messages are forwarded to the phone in which the new SIM card is located.
At first glance it seems somewhat harmless. But when you consider that most of us have linked our phone numbers to our bank, email, and social media accounts, you soon begin to see how easy it would be for someone with access to your phone number to get your full online presence.
Matthew Miller, a CNET sister site employee, ZDNet, was the victim of a scam with SIM swaps last year and he is still experiencing the fallout. The person who took Miller's phone number was given access to his Gmail account and immediately changed his password, then deleted every email, deleted every file in his Google Drive account, and eventually deleted his Gmail account.
Miller later discovered that he was the target because he had a Coinbase account and his bank account was linked to it. Miller & # 39; s phone received the two-factor authentication codes from his Coinbase account, allowing the hackers to log into his cryptocurrency trading account and buy $ 25,000 from Bitcoin. Miller had to call his bank and report the transaction as fraud. That comes on top of the immense vulnerability that he felt.
An unlawfully obtained gain for someone who takes over your telephone number is direct access to all two-factor authentication codes (2FA) that you receive via SMS, the pin code that an institution sends you to verify that you are who you say you are. This means that if they have your password, they are just a few clicks away from logging in to your e-mail, banking or social media accounts.
And if someone gains access to your email account, they can change their passwords and search your email archive to make a list of your full online presence.and use app-based codes instead. Serious.
What can you do to prevent SIM accounts from being exchanged for your account?
You can reduce your chances of someone gaining access to and taking your telephone number by adding a pin code or password to your wireless account. T-Mobile, Verizon, Sprint and AT&T all offer the possibility to add a pin code.
Some companies, such as Sprint, require that you set a PIN code when you sign up for service. However, if you are unsure whether you have a PIN code or if you need to set it, do the following for each of the four major US airlines.
- Sprint customers : Log in to your account at Sprint.com and then go to My Sprint > Profile and security > Security information and update the pin code or security questions and then click on Save .
- AT&T subscribers : Go to your account profile, log in and then click on Login info. If you have multiple AT&T accounts, select your wireless account and then go to Manage additional security under the Wireless access code . Make your changes and then enter your password when you are prompted to save.
- T-Mobile users : Set a PIN or password when you first log in to your My T-Mobile account. Select Text messages or Security question and follow the instructions.
- Verizon Wireless customers : Call * 611 and request a Port Freeze on your account, and visit this web page for more information about enabling Enhanced Authentication on your account.
If you have service through another network provider, call their customer service number to ask how you can protect your account. You will most likely be asked to create a PIN code or access code.
When creating a pin code or access code, keep in mind that if someone has enough information to pretend to be you, you are using a birthday, anniversary or address because the pin code will not lower it. Instead, create a unique access code for your provider and save it in your.
How do you know if you have been affected?
The easiest way to determine if your SIM card is no longer active is to completely lose the service on your phone. You may receive a text message stating that the SIM card for your number has changed and to call customer service if you have not made the change. But with your SIM card no longer active, you cannot make calls from your phone – not even customer service (more on this below).
In short, the quickest way to determine if you are affected is whether your phone is completely out of service and you cannot send or receive text messages or phone calls.
What should you do if you fall victim to SIM swap fraud?
The truth is that if someone wants access to your phone number bad enough, they will do anything to mislead your provider's support representative. What we have described above are best practices, but they are not watertight.
Researchers could present themselves as account holders who had forgotten their pin code or access codes, often with the recent numbers called by the account holder. How do they know those numbers? They have seduced the account holder to call a few numbers – or even worse, phone numbers for incoming calls to the account they want to take over, which means that the villain simply had to call the phone number of the target himself.
Once you realize that you have lost the service on your mobile device, call your service provider immediately and let them know that you have not made the changes. The courier helps you to restore access to your telephone number. I cannot emphasize this enough – do not wait to call . The longer someone has access to your telephone number, the more damage they can cause.
These are the customer service numbers for each major courier. Place the number of your provider in your telephone as a contact:
- Sprint : 1-888-211-4727
- AT&T: 1-800-331-0500
- T-Mobile: 1-800-937-8997
- Verizon: 1-800-922-0204
With your SIM card deactivated, you cannot make calls from your phone, but at least you have the number handy to use on someone else's device.
You also want to contact your bank (s), credit card company and check all your online accounts to make sure that the offender has not changed your passwords or has carried out fraudulent transactions. If you find transactions that are not yours, call your bank or visit a branch immediately and explain the situation.
Remember, no matter how many pin codes or passwords we add to our online accounts, there is still a chance that someone will find a way to break into it. But at least by setting an access code for your account and knowing what to do if you find yourself falling victim to SIM swapping, you are prepared.
Another critical aspect of strong online security is the use of ato create and store unique passwords on your behalf. In addition, enable for each account that offers this.
Originally published last week. Updated routinely.