A growing threat is upon us, and anyone who owns valuable accounts is subject to being hacked. The worst part, your data will fall into wrong hands because of the most basic thing you own, and that is your phone number. You could easily fall victim to hackers who trick mobile networks into giving them your phone number to steal information like usernames and sell them for Bitcoin. A group of criminals has been making use of a technique known as SIM swapping or SIM hijacking to steal bitcoin, other cryptocurrencies, and social media accounts. This “port out scam” has spread like wildfire for its easy execution and low possibility of getting caught. It turned out to be a profitable activity practiced by criminals who look forward to winning big with bitcoin and cryptocurrency accounts.
What is SIM Hijacking?
In order to steal a username, an account or credentials via SIM swapping. One must know the phone number linked to these accounts. Hackers contact victims’ cell phone providers to request new SIM cards. They would then transfer the target’s phone number to the new SIM card and reset the passwords of the target’s crypto, bank, investment, social media, email accounts and those that are linked to Amazon, Netflix, and Hulu. By doing so, scammers would lock out the owner of these accounts. As a result, the owner would lose control over his/her data. Mobile Networks are to blame for this too. Not only for easily handing out numbers, but also for not being very cooperative when the Motherboard requested data on the prevalence of SIM swapping. These major mobile providers are aware of the SIM swapping. However, they just don’t want to admit it or provide information about it.
SIM Swapping – A Real Threat
SIM swapping is all about tricking mobile networks into transferring the “target’s” phone number to a SIM card controlled by the criminal. The police arrested Joel Ortiz, the 20-year old college student on charges of SIM swapping or hijacking. He collected five million dollars from hacking 40 phone numbers. As soon as they get the victims’ phone numbers, the criminals reset their passwords and hack their accounts, especially cryptocurrency accounts.
Erin West, the Santa Clara County deputy district attorney released a statement saying: “This is happening in our community and unfortunately there are not a lot of complaints to law enforcement about it. We would welcome the opportunity to look into other complaints of this happening. We think that this is something that’s very dangerous.”
How to Protect Yourself Against SIM Swapping
When asked about any feelings of remorse for hijacking people’s accounts, the criminal said: “Not at all, sad to say. I take their money and live my life. Their fault for not staying secure. People cannot live off the thought that it takes highly qualified people with social engineering tools and tech background to pull this hijacking thing off. They must take all the security measures necessary to protect themselves against potential threat at all times. Here’s how they can avoid the threats of SIM swapping:
Mobile Networks must develop new security features that make it harder for hackers to take over accounts and telephone numbers.
Don’t link your phone number to online accounts
You should remove your phone number from any account that could capture hackers’ attention. If hackers get a hold of your phone number, they can get access to all your online accounts.
Change your security settings
SMS-based authentication is not nearly as secure as you’d think. Instead, use token-based 2FA.
SIM Hijacking- Summary
A hacker who does SIM swapping says “with a phone number, you can get into every account within minutes and no one can do anything about it.” If someone hacks you via SIM hijacking means that you have something hackers are looking for. And what they decide to do with your accounts/ usernames depend on what they’re after. Whether they blackmail victims or sell Instagram usernames for bitcoin in cryptocurrency, SIM swappers hit the jackpot. What have mobile carries done so far to mitigate the crisis? Absolutely not enough. Even though we agree that it’s the mobile carriers’ responsibility, it doesn’t relieve us from our own responsibility towards protecting ourselves online.