Being a victim of SIM Swapping can lead to many problems. It is a type of computer attack that opens the doors of our lives to criminals through the SIM card on our mobile phones.
The word “Swap” means exchange, but to understand it better, we should translate it as a duplicate. Sim Swapping consists of duplicating our mobile SIM card and, through it, stealing our identity.
There are many cases that, for years, have witnessed the effects of this type of attack. The simple duplication of the card may seem silly, but its consequences are a chain of disasters that are very difficult to repair.
If you start having problems with coverage on the phone, the more you think about your savings. Most people will blame their cell phone or the phone company first. However, they may be related. When a SIM card is duplicated, the first one stops working, and all calls, messages, and data lines go to the duplicate. This is when most victims realize that something is wrong and notify their operator. But the problem is even more serious.
The Consequences
Cybercriminals can obtain a large number of personal data through the SIM card and take control of social networks, bank accounts, or payment subscriptions. It is a fairly common type of attack. About a year ago, Twitter founder Jack Dorsey was a victim of this technique, and criminals were able to access his account on the social network and post some messages impersonating his identity.
By duplicating the SIM card and receiving your SMS, criminals can use the two-factor authentication system and change passwords or make movements in your bank accounts. Two-factor verification, for those who do not know it, involves sending an SMS to the mobile with a password to verify that you intend to make changes to the account, but in this case, the password would end up in the hands of criminals.
Making the duplicate is fast and particularly easy. It is a process that you can request yourself, but you need to have some personal information. In most cases, the victims themselves inadvertently give this data to the attackers, using deception techniques.
Cybercriminals use social engineering to manipulate us and ask for data through fake emails and very juicy offers. Other computer attacks, such as phishing, are based on these deception techniques. They give them the information to perform SIM Swapping.
What can we do to avoid being victims of these attacks?
Before giving you some advice, it is important to clarify that no methodology ensures 100% that we will prevent these thefts. Knowing them and knowing what can happen to us is the best shield we can create to stay alert to any symptoms that they are scamming us.Â
Being aware of cybersecurity news as users, we can learn about phishing techniques and avoid them: not answering emails from people we do not know, not giving personal information on social networks or on pages that are not safe, etc.Â
Second, if you detect that your SIM card does not work or that you have strange messages about movements that you have not made, notify your operator and check if it is an illegal duplicate. In that case, quickly review all your bank accounts and other services such as social media or subscriptions and, most importantly, change the password. If necessary, change all the passwords you have.Â
Faced with this type of attack, two-step verification has proven not to be entirely secure. It can be useful, but it is better not to put all the responsibility in this system and your mobile. Some applications or systems allow us to use the fingerprint reader to identify ourselves, so we do not depend solely on SMS.
Password Manager Solution
Having a password manager can also be helpful in such a scenario. They recommend a safe in which to keep a complete list of our passwords so that we never forget them and to be able to review all the ones we have quickly, in case the attackers have changed them.
We could also recommend other “somewhat more robust” authentication systems than SMS or fingerprints. We are talking about security keys. Google’s Titan is one of the best-known examples, but there are other models available.
These physical keys in the form of USB are based on two-step authentication, but instead of being an email or SMS with a code that can be stolen from a distance, you have a key like your home key with which to identify yourself on any device.
Finally, if you are a victim of robberies like these and detect strange movements in your bank account, you should notify the bank and the police immediately. They will need all the information that you can collect, such as expenses that you have not made, messages, accesses from other devices, or suspicious emails to pursue criminals.
