Your cell phone is making you vulnerable to cybercriminals. That statement may sound like a scare tactic, but unfortunately, it’s not. It’s a fact. And, it’s been a vulnerability for a few years now with a hacking technique called SIM jacking or SIM swapping.
SIM jacking is when a hacker steals (jacks) your SIM card. SIM cards are installed on all smartphones and contain quite a bit of personal information, including user identity, location, phone number, network authorization data, personal security keys, contact lists and more. In other words, they hold a lot of information about you. This means, when your SIM card is stolen, all of your personal information goes with it. Now, when we talk about stealing a SIM card, we don’t mean that someone physically takes it. Rather, the SIM card is transferred from the phone you are holding in your hand to another phone. Hackers make this transfer by calling your cell phone provider, answering a few questions and voila, the SIM card is transferred to their phone.
What do they have access to?
Right about now, you are probably thinking that this seems pretty challenging for a hacker, and not worth their time. Truthfully, it’s not that hard. Hackers can oftentimes find the necessary information they need to make this transfer on the dark web or from any of the many data breaches that have happened over the years. And, in other cases, they bribe employees at cell phone companies to make the transfer. In other words, making the transfer is on the low end of difficulty for hackers.
Once the transfer is made, these cybercriminals have access to a slew of things from your social media accounts, email accounts, your personal and professional contacts, and even financial accounts. Why? Because a lot of that information is stored on your SIM card or can be accessed through your hacked email account. Think about it. The last time you forgot your password for a social media account or your bank account, how did you recover the password? Yep, through your email!
Aside from the obvious reasons for stealing your bank account information, hackers may leverage your email accounts to uncover private messages, information about your contacts or take over your social media accounts and post offensive messages, and hold all of these accounts for ransom, or sell them. In short, these cybercriminals take over your digital life.
To top it off, you may not be aware of the attack, until they’ve gained access to your accounts.
Steps to protect yourself
Now, before you decide to ditch the smartphone and go off-grid, we have recommendations on how you can help protect yourself from SIM jacking. Fair warning, it will require some effort, but the effort far outweighs having your digital life snatched away.
- Harden Your Account
Call your cell phone provider and ask about additional security measures that are available to make your account more secure. Many providers enable you to add a PIN code or security question that you must answer correctly in order to make major account changes. If your provider offers additional security measures, take advantage of those as well.
- Remove Your Cell Phone Number From All Accounts
You probably added your cell phone number to your social media accounts or email account(s) because of the draw of “added security”. Remove it. Adding your cell phone number to these accounts ups the vulnerability factor. Instead, secure a VOIP, or Google Voice number and add that to your account. But, be sure to protect this phone number with a unique password and two–factor authentication.
- Change Your SIM Card PIN Code
SIM cards have security codes to prevent it from being used in a separate device. Access your SIM PIN through your phone’s settings and make the PIN more complicated.
- Set Strong, Unique Passwords
Create strong, unique passwords for your digital world. And make it a habit to change them on a consistent basis.
- Enable Multi-Factor Authentication
This form of authentication means that two, or more, pieces of information are required before access is granted.
If you are a victim to SIM Jacking
If you fall victim to SIM jacking, take action immediately:
- Contact your cell phone provider and explain the situation. They should be able to determine if the attacker made additional account changes that might prevent you from regaining control of your account.
- Log in to your social and financial accounts from a computer and change passwords. If you are not able to log in (meaning, the hacker has already gained control), contact each provider. We recommend starting with your financial accounts.
- Log in to your email account and change the password. If your email is associated with other accounts, it can be used as a way to change other account passwords through the “forgot your password” function.
Hackers look for vulnerabilities. Remove as many of those vulnerabilities as possible and make it harder for hackers to target you.