Hackers have found another way of getting into people’s private information by activating your phone number on a different SIM card. Once gaining control of someone’s phone number attackers can then bypass any text or call-based two-factor authentication and gain access to your private or personal accounts. Wireless Carriers such as AT&T, T-Mobile, Verizon, Tracfone, and US Mobile, are vulnerable to this exploit. This attack has been used against many celebrities such as Jack Dorsey and Justin Bieber, and it has also resulted in a $220 million lawsuit against AT&T.
A SIM swap attack can be done with relative ease, which is the scary part. Using social engineering, a hacker could pose as the victim by calling customer care and requesting a simple SIM swap to a new device. Once on the phone, the hackers would purposefully provide the customer care agent with incorrect information which would result in the customer service staff to resort to other methods of authentication. Amer Owaida at welivesecurity writes about a test that was conducted by researchers to find out just how easily this attack could be done. According to Amer, “The customer service staff resorted to other methods of authentication, some of which turned out to be easily subvertible. The questionable methods included asking about recently dialed numbers or recent payment information.”
How Can I Tell If I have been Simjacked?
If a hacker is successful in gaining access to your sim card and swapping it over to his phone, a few things will occur on your device. First of all, your phone will not be able to accept any text messages or phone calls. Once a new SIM card is activated on a device, the previous SIM card becomes invalid and will not be able to accept any new calls or text messages. Secondly, if a SIM has been successfully activated on a separate device, then you should receive a notification from your provider that this SIM has been activated somewhere else. Appropriate action must be taken as soon as a suspected SIM attack is taking place, and if you receive any of these notifications you must contact your wireless carrier immediately.
How Can I Prevent a SIM Swap Attack?
The easiest way to protect yourself from a SIM swap attack is by having the appropriate security measures on your personal wireless accounts. Every major U.S wireless carrier offers the option of adding a PIN or passcode on your account, and this PIN or passcode should not be shared with anyone. This will add an extra layer of protection that a hacker will have to go through before gaining access to your personal wireless account.
Secureninja is an award-winning training and certification school, and Secureninja has a proven track record of assisting Fortune 100, Government, and Military organizations. For more information on how Secureninja can benefit you or your organization fill out the form to the right of this post or visit secureninja.com/contact.
Sources - https://www.welivesecurity.com/2020/01/13/major-us-wireless-carriers-vulnerable-sim-swap-scams/