SIM hacking is essentially a newer form of identify theft. It allows someone to gain access to your e-mail, and bank accounts and anything else you have access to online. And for some, it’s apparently quite easy!
Here’s how it works…
Through your Instagram, Facebook and other online accounts, a fraudster looks for people who post lots of personal and public details about themselves online. Names, addresses, family members, etc. are all gleaned to look for clues. As an example, I typed in the name Mary Webster (and I know no-one by this name), and then I looked for any of those folks on Facebook. I did find a profile that had lots of information, and it contained their birthday, spouse details, where they lived (not full address, but city/state, which is enough, and also their children’s names. Then, you can jump over to Twitter, and other sites to get more information about that same person.
The idea behind this practice is no different than what anyone would need to do in order to gain access to your personal information, so that they can impersonate you. With enough information collected, they then can call up the mobile carrier and in pretend to be you. They tell the mobile carrier that they accidentally lost their cell phone or destroyed their SIM card, and convince the carrier to assign the telephone number to a new SIM card (that they just bought). If enough personal details are confirmed on the phone, the “swap” takes place.
From there, the thief now has YOUR telephone number. All they then have to do is pop the SIM card into their phone and attempt to log in to your Facebook and other sites that use text message code verification. The code will arrive onto their phone and they will then gain access to your account.
And it doesn’t stop there. Once someone HAS your phone number, and some other personal details that they gleaned online, they could gain access to your email accounts. From there, it gets real bad! Within moments you can lose access to your banking information, money will be withdrawn from your accounts, and worse — by the time you figure out anything is wrong, it will be too late.
So you might wonder… is there any good news here? Is there anything that can be done to prevent this from happening?
The short answer is YES, but nothing is perfect. Many security companies are advising that you should promptly CALL your mobile carrier and give them a 4 or more digit PIN code that needs to be used to gain access to your account. Only you know this number and once it’s locked in, it will be required for you to provide it to your mobile carrier every time you call.
This step is a first great step in the right direction of ensuring that your mobile number is not swapped to another SIM card without your permission. Another thing you should do is AVOID having text message codes sent to your mobile number. Use a stronger 2 Factor authentication method instead, like Microsoft Authenticator. Text message codes are NOT as secure as we think, and it’s best to avoid them.
Share this with those you know, to prevent problems later. Click the share buttons below to post this!