Everything you should know about SIM swapping: what it is, how it is done, and how to keep yourself safe
There have been several cases where individuals have fallen victim to SIM swapping attacks. The victims include Twitter co-founder and CEO Jack Dorsey.
SIM swapping, or the SIM swap scam, is another cyber threat to individuals in this growing digital age. We are so used to the convenience of mobile phones: from calling to financial transactions, everything is just a touch away.
In this blog we'll discuss a threat that every mobile phone user must know about and guard against. We will also explain the most effective way to mitigate the risk of a potential SIM hijack. If you use your mobile for transactions, you should definitely take it seriously (just a piece of advice).
What is SIM swapping?
We may swap our SIMs for several reasons: upgrading from 3G to 4G, when the SIM stops working, or if we lose our SIM. In all these cases we deactivate our old SIM and get a new one issued through our service provider.
The difference between us getting our SIM swapped and a fraudster doing it is malicious intent.
SIM swapping is a common attack in which an attacker seizes control of your phone number. We remain unaware that someone has got our existing SIM blocked and now controls our number with a new SIM. This is theft of our identity, and of a lot more than that.
SIM swapping, SIM jacking, SIM hijacking all mean the same thing.
How does it work?
This is how an attacker typically carries out a SIM jacking attack:
The fraudster will first collect your personal banking information through phishing, vishing, smishing or any other means. In case these terms are new:
- Phishing is a way of collecting information from a customer by sending fake emails.
- Vishing is a way of collecting private information for identity theft by calling a customer while posing as authorized personnel.
- SMiShing is a security attack in which the user is tricked into downloading malware onto their cellular phone. SMiShing is short for “SMS phishing.”
This information may include your name, physical address, phone number, date-of-birth, or whatever information the attacker is looking for.
Then the fraudster uses this information to impersonate you before your service provider and manipulate them emotionally.
They generally call your service provider and, using your identity, make up an emotional story to get your existing SIM blocked and a new one activated.
Once they have your SIM, all your financial SMSs, such as OTP alerts and other financial alerts or transaction confirmations, are delivered to them. This gives them access to your credit card(s), bank account(s) and everything else that is linked to your number.
SIM swapping attacks are increasing in India too. In January 2019, a Mumbai-based businessman was cheated of Rs 1.86 crore. In June 2019, a senior citizen reportedly lost ₹25 Lakh from his bank account to a SIM swap fraud.
How to protect yourself against these attacks?
Every problem has a solution, and so do SIM swapping attacks. Here's what you should do to minimize the risk of falling victim to this type of attack:
Limit the personal information you share online, especially your phone number.
This is an important step that you can take to avoid the risk of losing your identity and money. If possible, limit the amount of personal data you share on social media sites. This is where most hackers are able to get your data, which they then use to answer the security questions required to verify your identity and hijack your SIM. In fact, don't share your personal data on the internet if there is no need to.
Never share your personal details on a call.
Attackers often pose as executives of banks, insurance companies or your service provider in order to collect your information. This is an example of the phishing attack that we discussed earlier in this post. Scammers try to access your cellular, bank, credit or other accounts using your identity. Therefore, NEVER share your personal details with anyone on a call if they sound suspicious (or otherwise).
Avoid using your phone number for multi-factor authentication.
You can look for alternatives such as email or authentication apps like Google Duo for verification/authentication. This makes your SIM fairly useless to the scammer, because they won't receive the OTPs for financial transactions, for instance.
Keep your phone and anti-virus software updated.
This ensures that security holes are patched and hackers aren't able to sneak into your phone using malware. It helps prevent data theft and ultimately keeps your SIM safe as well.
Set up a PIN or password on your cellular account.
Set up a PIN on your account because this makes it difficult for criminals to take control of your SIM. In fact, your service provider representatives can’t make changes to your account without that PIN. So it acts as a strong layer of defense. Contact your network service provider for this purpose.
The entire purpose of sharing this information with you is to educate you about cyber security. We hope to make you aware of the measures that you can take at an individual level to mitigate cyber security risks. So please don't panic after reading this blog. Rather, try to use technology safely. One of the main objectives of technology is to provide convenience to us, but a few bad guys are spoiling this agenda through their unscrupulous activities.