What is a SIM Swap Attack and How to Prevent it?
The resources that cybercriminals use to steal our money and cryptocurrencies seem to have no limits since they almost always manage to overcome any security measures put before them.
There is a telephone fraud known as ‘SIM Swap Attack’ or ‘SIM Swapping’ that cybercriminals are using to gain control of our cellphone number and use it in order to usurp our identity for various purposes.
Hundreds of people have reported being victims of this fraud, something that highlights the weakness of some digital security mechanisms, such as the use of SMS messages for two-factor authentication systems (2FA).
So today, let’s take a look at what a SIM swap attack is and how to prevent it.
What is SIM swapping and how does it work?
A SIM Swap Attack, or SIM Swapping, is a scam method in which cybercriminals try to gain control of your cellphone number in order to access the security codes that the two-factor authentication system (2FA) sends through SMS.
In case you are unfamiliar with what 2FA is, this is a security method used to protect access to user accounts on the web in which, in addition to a username and password, you must enter a security code sent to your mobile phone via SMS – although there are also other alternative ways.
This security method is used to authenticate and access the online platform in which you are registered, be it banks, online crypto wallets, social networks, and other websites.
To succeed at this scam, criminals must convince your mobile operator to transfer your cellphone number from the original SIM card to another SIM card in their possession, which gives them access to the security code sent by SMS.
This scam method has been widely used to impersonate identities on the internet, especially on social networks, with the objective of making “jokes” or intimidating certain personalities but also to steal funds in fiat and cryptocurrencies.
This is how SIM swapping works
A SIM Swap Attack is possible when the two-factor authentication system is based on receiving a security code via text message on your cellphone. To carry it out, scammers try to gather as much personal information about you as possible, either by searching on social media or by other means.
Once they have the information they need, these scammers call your mobile phone carrier and trick the operators into thinking that you are the one that’s calling. They’ll then ask the operator to make a duplicate of your SIM card, claiming that the original has been lost or stolen.
Naturally, they’ll have to pass some security questions, but for this they can draw on all the information they collected about you on social networks. If the operator falls for the deception, he’ll deactivate the original SIM and activate the one in the scammers’ hands, assigning it the original cellphone number.
Now that the criminal has control over your mobile number, he’ll try to access the user accounts that you have on the web such as your bank, or your crypto exchange accounts such as Coinbase, Binance, Gemini, etc. with which you have established 2FA as the second layer of security.
Of course, the cybercriminals must have knowledge of your username and password on the different websites they want to enter, but it is most likely that they’ve already obtained this information by applying different phishing techniques.
Now that they’ve managed to enter your accounts, the identity theft and looting of your money, bitcoins held in exchanges, etc., begins…
The consequences of SIM swapping
As we already mentioned, the main objective in a SIM swap attack is to steal money or impersonate someone – usually someone famous or with some influence, but also everyday people just going on with their lives.
Many users on Twitter have reported that they suddenly stopped receiving a signal on their mobile phone, only to discover, once they arrived home, connected the phone to their WiFi, and logged into their bank account, that the account had been emptied.
Scammers manage to duplicate the mobile phone numbers and with the confirmation SMS, they manage to make various transfers and extract your money little by little. In some cases, the victims successfully manage to cancel the transfers and lock the account after many efforts, but not all victims are so lucky and instead, they ended up without a penny in their account.
Something similar has also happened with users who had their cryptocurrencies held in online wallets at crypto exchanges. Some of them have also fallen victim to SIM swapping.
Many influential figures in the crypto ecosystem have been victims of SIM swapping and there have been some reports where millions in cryptocurrencies have been stolen.
On the other hand, this digital scam method has gone so far that it has allowed cybercriminals to take control of social media accounts and temporarily impersonate another identity, as was the case with Twitter co-founder Jack Dorsey – probably the most high-profile SIM swap victim at the time of this article’s publishing.
The attacker managed to gain control of Dorsey’s device and publish some offensive posts in a racist tone. This was possible because a telephone operator in the United States allowed the attacker to obtain a duplicate of Dorsey’s SIM, which in turn allowed this attacker to use the function of posting on Twitter via SMS messages.
These offensive messages provoked an immediate reaction from Dorsey, who quickly announced that Twitter would disable the sending of messages to the social network via SMS.
How can you tell if you have been SIM Swapped?
The signs of a SIM swap attack usually appear suddenly to the victim and unfortunately, they usually only understand what is happening when it is too late – in most cases, they don’t even suspect what’s happening.
That is why it’s so important to always be alert and suspicious of the slightest strange event that occurs in the normal operation of your devices, social networks, and user accounts.
The following are the top three signs to watch out for when suspecting a SIM swap attack.
1.- Your message and call services don’t work
The first and most obvious sign of SIM swapping is the inability to send and receive calls and text messages with your mobile phone. This indicates that the attacker has already taken control of your phone line.
2.- You receive activity notifications
Some services on the web often send notifications to their registered users when their systems detect an attempt to access an account from another device not recognized by such systems. This is another important sign that you should pay close attention to.
3.- You cannot access your user accounts
If you try to enter your bank account, crypto exchange, online wallet, or social networks and receive messages like “There is already an open session” or “Your password is incorrect,” even though you are 100% sure that you have not performed any of these actions, it is very likely that the attackers already have control of your accounts. Try to contact the providers of these services as soon as possible.
How to prevent SIM swapping
Before giving you some security tips to prevent SIM swapping, it’s important that you are clear that there is no method that provides 100% security to prevent these thefts. Of course, some security methods work better than others, and being aware of these types of scams is a good defense you can use against any sign of a scam attempt.
In this sense, try to keep up to date on cybersecurity news so that, as a user, you learn more about the different phishing techniques and how to avoid them:
- Don’t reply to emails from unknown individuals or organizations – it could be phishing
- Don’t provide personal information on social media or questionable websites
- Change the passwords on your user accounts on a regular basis
- Set PIN codes and security questions for any user account that allows it
Keep in mind that there are also authentication methods more robust than SMS. For example, Google Authenticator and Authy are 2FA alternatives that, instead of relying on SMS, tie the security code to your device rather than to your phone number. This means that, in order to have access to this security code, the thief would also need to have access to your mobile phone.
Another option that is even more robust and interesting is using a U2F (Universal 2nd Factor) key, an open authentication standard that is based on the use of physical keys similar to a USB key, and whose latest implementation is the FIDO2 standard.
These physical keys are based on two-step authentication, but instead of relying on an email, SMS, or other types of code that can be intercepted remotely, you have a piece of hardware that can identify you on any associated device.
On the other hand, if you detect that your SIM card is not working or that you receive messages about movements that you haven’t made in your accounts, contact your mobile provider and check if it’s an illegal duplicate. In that case, review all your bank accounts and other services that may be compromised and try to change any passwords you have ASAP.
Conclusion
Cybercriminals don’t stop trying to break even the most advanced security measures, no matter how novel, weird, or robust they may be. In the end, they always end up finding a security breach that they can take advantage of to commit their criminal acts.
It is for this reason that security companies and the different organizations that require their services are in a constant search for new, safer methods. But even so, nothing can beat the number one factor in our opinion, prevention.
If you are constantly alert and take the necessary measures for each case, in addition to adding several security layers, you can make the job of cybercriminals much more difficult. Remember the saying, put your trust in Allah, but still tie your camel.