Your cell phone is making you vulnerable to cybercriminals. That statement may sound like a scare tactic, but unfortunately, it’s not. It’s a fact. And, it’s been a vulnerability for a few years now with a hacking technique called SIM jacking or SIM swapping.
SIM jacking is when a hacker steals (jacks) your SIM card. SIM cards are installed on all smartphones and contain quite a bit of personal information, including user identity, location, phone number, network authorization data, personal security keys, contact lists and more. In other words, they hold a lot of information about you. This means, when your SIM card is stolen, all of your personal information goes with it. Now, when we talk about stealing a SIM card, we don’t mean that someone physically takes it. Rather, the SIM card is transferred from the phone you are holding in your hand to another phone. Hackers make this transfer by calling your cell phone provider, answering a few questions and voila, the SIM card is transferred to their phone.
Right about now, you are probably thinking that this seems pretty challenging for a hacker, and not worth their time. Truthfully, it’s not that hard. Hackers can oftentimes find the necessary information they need to make this transfer on the dark web or from any of the many data breaches that have happened over the years. And, in other cases, they bribe employees at cell phone companies to make the transfer. In other words, making the transfer is on the low end of difficulty for hackers.
Once the transfer is made, these cybercriminals have access to a slew of things from your social media accounts, email accounts, your personal and professional contacts, and even financial accounts. Why? Because a lot of that information is stored on your SIM card or can be accessed through your hacked email account. Think about it. The last time you forgot your password for a social media account or your bank account, how did you recover the password? Yep, through your email!
Aside from the obvious reasons for stealing your bank account information, hackers may leverage your email accounts to uncover private messages, information about your contacts or take over your social media accounts and post offensive messages, and hold all of these accounts for ransom, or sell them. In short, these cybercriminals take over your digital life.
To top it off, you may not be aware of the attack, until they’ve gained access to your accounts.
Now, before you decide to ditch the smartphone and go off-grid, we have recommendations on how you can help protect yourself from SIM jacking. Fair warning, it will require some effort, but the effort far outweighs having your digital life snatched away.
Call your cell phone provider and ask about additional security measures that are available to make your account more secure. Many providers enable you to add a PIN code or security question that you must answer correctly in order to make major account changes. If your provider offers additional security measures, take advantage of those as well.
You probably added your cell phone number to your social media accounts or email account(s) because of the draw of “added security”. Remove it. Adding your cell phone number to these accounts ups the vulnerability factor. Instead, secure a VOIP, or Google Voice number and add that to your account. But, be sure to protect this phone number with a unique password and two–factor authentication.
SIM cards have security codes to prevent it from being used in a separate device. Access your SIM PIN through your phone’s settings and make the PIN more complicated.
Create strong, unique passwords for your digital world. And make it a habit to change them on a consistent basis.
This form of authentication means that two, or more, pieces of information are required before access is granted.
If you fall victim to SIM jacking, take action immediately:
Hackers look for vulnerabilities. Remove as many of those vulnerabilities as possible and make it harder for hackers to target you.