Frank Segarra

SIM Swapping - How to Avoid This Malicious Hack

As individuals continue to gain freedom in the workplace over where they work and what device they use, it becomes imperative that we all ‘clean’ ourselves up in the cyber hygiene department! One of the hot topics these days is SIM swapping. What the heck is SIM swapping? In a nutshell, it’s a takeover of that little bitty card inserted in the side of your phone that lets you send text messages and take phone calls. A malicious hacker could call your service provider, convince them they are the account holder, and inform them that ‘you’ lost your phone and need a new SIM card activated. This simple social engineering attack makes your mobile carrier an unwilling accomplice in a quite popular crime.

What can they do with a new SIM? For starters, they can take over your accounts that rely on text messages for multi-factor authentication. They can create new accounts with your number, route existing accounts to new numbers, or even drain bank accounts.

So how do you prevent something like this? For starters, DON’T set up text messages as your second form of authentication. Use a token authenticator app, like Google Authenticator or Okta Verify. Also, for iPhone users, here is an obscure tip: go to ‘Settings > Cellular > SIM PIN’. You will be prompted for a PIN, but this is NOT your normal PIN. It’s your carrier’s default PIN (search ‘[CARRIER NAME] SIM PIN’ on Google). Once you’ve entered it, you’re able to set your PIN to whatever you want and greatly mitigate your risk of this particular attack.