Cybersecurity: What is SIM swapping; how to protect yourself

Cybersecurity: What is SIM swapping; how to protect yourself
© Shutterstock Cybersecurity: What is SIM swapping; how to protect yourself

It is a fact that cyber-attacks aimed at stealing personal data are increasing.

While most people are aware of “phishing attacks”, very few are aware of the dangers of so-called “SIM swapping”: where cybercriminals get their hands on a copy of a victim’s mobile “SIM card”. With a duplicate “SIM card”, they can then bypass the “two-step verification process” that protects services such as banking apps.

The problem is so serious that the FBI has issued a warning about “SIM Swapping”, according to a related announcement from “Check Point Software Technologies”.

What is “SIM swapping”?

“SIM swapping” occurs when a cybercriminal obtains a copy of a user’s “SIM card”.

However, to do so, it first needs access to the user’s personal data —such as “ID”, phone number and full name— which can be obtained using “phishing techniques”. The cybercriminal then simply contacts that user’s mobile phone provider and impersonates him over the phone, or online, or even by visiting a physical store.

Once the copy of the “SIM” is obtained, he only needs to insert the card into a device to gain access to all information and data on the victim’s account; including their call logs and message history. From that point on, he has full control and it’s easy to access his victim’s banking app and steal his money by moving it to another account. Although this requires the use of a “verification code”, remember that the attacker has access to the victim’s mobile line, as well as any code intended for it.

How to stay safe:

  • Be careful with your personal data: this is the information cybercriminals need to copy your “SIM card”. This is why it is so important to be careful about the websites you visit. Make sure that the website in question is official and has all the various security measures, such as encrypted connection. Look for the “lock symbol” in the address bar —which indicates that it has a valid security certificate— and that the “URL” begins with “httpS://“; if it doesn’t end with “S://”, it could potentially be a dangerous page.
  • Be aware of “phishing”: you need to know the telltale signs of a phishing attack to prevent them from gaining access to your personal data. Watch out for emails and text messages with spelling mistakes, even if you know the sender. Pay close attention to the “domain” to make sure it is genuine. The same goes for strange links, or attachments. Often, such details are signs of a “phishing” attack.
  • Watch out for signal loss: an easy and sure way to know that there is a dual “SIM card”, is that your mobile signal will be completely lost, as you will have in your hands a phone with a “SIM card” that will not have no mobile network access. As a result, you will no longer be able to make or receive calls and messages. If this happens, you need to contact the authorities and your mobile operator so that they can deactivate the “SIM card” and start the process of recovering your data.

“Cybercriminals are always looking for new ways to access your data to achieve their goals. It is important that everyone is able to spot the signs of an attack. If people are not aware of the basic indications, they automatically put themselves in very great danger and are very likely to suffer correspondingly very serious consequences. For example, he could see his bank account emptied, or become a victim of identity theft, which allows cybercriminals to purchase goods and services over the Internet in their victim’s name,”

warns Konstantina Koukou, Channel Account Manager & Evangelist, Check Point Software Technologies.

Source:


Σᾶς ἀρέσει τὸ ἂρθρο; / Do you like this post?
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0
(Συνολικές Επισκέψεις: / Total Visits: 30)

(Σημερινές Επισκέψεις: / Today's Visits: 1)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.