The world of mobile telephony often has scams and scams that force you to be very cautious if you participate in it. One of the most popular hoaxes is slamming, that fraud that changes your telephone operator without you being aware of it at any time.
Although it seemed a few years ago that the disappearance of SIM cards was close, the truth is that they are still standing, and they are also protagonists of scams that can affect you.
SIM-swapping, an increasingly widespread mobile scam to which you should be very careful.
As its own name indicates SIM-swapping is a change or duplicate of SIM card to pass the data to a new card controlled by hackers. After collecting personal information about the victim, the attacker impersonates her before the agents of the telephone company, making such a dangerous SIM card change.
In SIM-swapping, social engineering is used with the operator's worker, not with the user himself. Through psychological manipulation, the hacker gets all the data of the SIM of the victim pass to his card to be able to use it this way during the verification of banking procedures.
By just having your date of birth or phone number, hackers can begin their plan to impersonate you before the telephone company. Thus, they create a false identity with which to convince the telephone agent that you want to change or duplicate your SIM card because you have lost or damaged it, for example.
This technique allows to circumvent the security measures that place the mobile as an instrument of verification of our identity, and that is dangerous as we have seen in the economic field, but also in many other scenarios.
Twitter CEO Jack Dorsey suffered an attack that suddenly caused offensive and racist messages to appear on his Twitter account that were subsequently eliminated.
The problem was due to this impersonation that caused a telephone operator in the United States to allow the attacker to obtain a duplicate of Dorsey's SIM, which in turn allowed this attacker to use the function of posting on Twitter via SMS messages That was one of the original features of the service.
Immediately when Dorsey realized the offensive messages that were leaving his account via SMS, he decided to disable the sending of messages to the platform through SMS.
Once again it shows the weakness of mechanisms such as SMS messages for two-step authentication systems.
Tips not to fall victim to SIM Swapping
We recommend you follow these tips to avoid being a victim of SIM Swapping:
- Use an additional password or double authentication: facial recognition, voice recognition, fingerprint recognition, additional PIN, Google authenticator, etc.
- Beware of the information you share on the Internet: The more data there is about you on the web, the easier it will be for bad people to blackmail you, rip you off or get other things from you like passwords, bank accounts, etc.
- Don’t store everything on your mobile: it is not a safe. It is an electronic device that is not 100% safe.
- Require your mobile operator to reinforce its security systems when dealing with operations on your behalf.
- Messages through messaging applications (WhatsApp, Telegram, Line…) are more secure than SMS, since they are encrypted and the latter are not, making them more susceptible.
- Don’t link your bank accounts to your account or phone
- Never give anyone your PIN code. Never!
- Install an antivirus or security solution to prevent them from stealing or accessing your personal data.
What to do in case your mobile device has already been stolen:
- Ask your operator to block the IMEI of your phone;
- Find it with the locator
- Cancel the SIM and ask for duplicate of it.
- Change all your passwords. All!
- Report it to the Police
- Report it to your operator
- Notify your contacts. Yes to everyone.
- Lock the device and delete the content remotely, if you can do it.