The FBI issued a public service broadcast last week warning that SIM-swapping assaults are 15 times more common now than they were only a few years ago.
Sim-swapping instances cost an estimated $12 million in losses throughout the course of 2018, 2019, and 2020, according to the bureau’s Internet Crime Complaint Center (IC3). That works out to around 107 complaints and $4 million in damages each year.
Contrarily, “IC3 received 1,611 SIM-swapping reports in 2021 with adjusted losses of almost $68 million,” according to the FBI.
What is the purpose of SIM swapping?
Thieves use wireless-carrier tech support workers to transfer phone numbers from a victim’s mobile SIM card to their own mobile SIM card by convincing, bribing, or misleading them.
The FBI highlighted that malware inserted into a carrier’s computer networks and data obtained from carriers in data breaches may both be used to do this.
“Port-out” scams, in which a second wireless carrier’s tech support is paid or persuaded into “porting” the victim’s mobile number from the victim’s carrier, are distinct from SIM swaps. It was recently revealed that 6,000 phone numbers from TracFone, Straight Talk, and other budget prepaid providers had been stolen by criminals.
Even yet, the final outcome remains the same the victim’s calls and messages are routed to the criminal’s device,” as the FBI phrased it.
Criminals may send “Forgot Password” or “Account Recovery” queries to the victim’s email and other online accounts linked to the victim’s mobile phone number, according to the agency.
What’s more, and why SIM changing is a major issue
A victim of SIM-swapping or port-out scams would be cut off from the network of their wireless carrier for a period of time until they were able to convince the carrier to switch their number back to them.
Unfortunately, internet businesses are already using phone numbers to verify consumer identification in the improper way. Many of your online accounts can be compromised in the span of a few hours if your phone number is compromised.
A one-time passcode or link is sent to the victim’s phone number, which is now in the criminal’s possession, via SMS-based two-factor authentication, according to an FBI public service announcement. To acquire access to internet accounts linked to the victim’s phone profile, the thief uses the codes to log in and change passwords.
It’s bad enough that someone can access your email and social media accounts if they have your phone number. The true goal, though, is where the money is: your online bank accounts and, in particular, any cryptocurrency accounts you may have.. SIM-swap and port-out hacks have resulted in the theft of millions of dollars in cryptocurrencies.
What you should know about SIM switching attacks and how to avoid them
Phone numbers were never intended to be used as a form of identification, much like SSNs. But that’s exactly what they’ve turned into.
A better method of proving identification will be developed over time, or wireless carriers will cease considering phone numbers as throwaway tokens that can be readily transferred between devices or persons. Phone numbers are now used by internet firms to authenticate identity.
To keep yourself safe while we wait, here are some things you can do.
- When it comes to money, don’t boast about it, particularly on social media.
- Don’t hand over your mobile account password or PIN to anyone claiming to be tech support. Make your own phone call to the service provider to verify that nothing is amiss.
- Keep your cell phone number private.
- If you have many online accounts, don’t use the same password across them. Instead, use one of the most popular password managers.
- If a more robust two-factor authentication alternative is available, don’t utilise SMS-based two-factor authentication to safeguard an online account. Apps, physical security keys, and biometric identifiers like fingerprint or face readers are all more secure than SMS text messages when it comes to authenticating accounts.
SIM swapping: What to do if you become a victim?
Because wireless-carrier staff have ultimate control over SIM switching, you can’t completely block it. Even if you’ve followed all of the following safeguards, you may still be a victim.
The following steps should be followed in the event that this does occur to you.
- Try to get your phone number back by contacting your mobile service provider right away. To prove your identity, you may be required to supply a large amount of information.
- All of your internet accounts should have new passwords. Password managers may assist here as well.
- Notify your banks and other online financial organisations (including cryptocurrency exchanges) that your accounts are at danger of being hacked.
- Set up a fraud alert or a credit freeze on your credit reports to protect yourself against identity theft.
- Any unusual activity should be reported to your local police or FBI field office.
- The Internet Crime Complaint Center of the FBI would want to hear about what occurred.
- One of the best identity theft protection services is worth considering.