The new phone you bought may send your private information to criminals.
SIM-swapping is the practice of tricking or bribing mobile phone store employees into diverting a target’s phone number, text messages and calls to a device the attackers control.
SIM-swapping attacks might sound like one of the identity theft horror stories that only happens to people who are too careless or cavalier with their personal information, but more of us are at risk than it seems.
A recent study from Princeton found that several U.S. carriers are vulnerable to SIM-swapping attacks, and prepaid accounts are the most susceptible. Researchers signed up for ten prepaid accounts on AT&T, T-Mobile, Tracfone, US Mobile, and Verizon each. They were then able to successfully “trick” customer service reps and circumvent account security protocols to gain control of activated devices. They then remotely disabled these devices’ network access, which is how most SIM-swap attacks begin. You can read the entire paper here (via Engadget).
SIM-swap attacks normally begin with an old-fashioned phishing scam. Email phishing is still surprisingly common, but hackers also use fake login pages, apps loaded with spyware or keyloggers, fake ads, and malicious message attachments to gain access to your accounts. Once they have that, all it takes is knowledge of your phone number and some personal data to execute a SIM-swap attack.
Phishing isn’t the only way to start a SIM-swap attack; hackers can get your info from leaked personal data, or even physically lift it from your devices. You should always take proper care to respond to leaks and avoid losing your device (or letting the wrong people use it).
Some early SIM-swapping attack warning signs
When you’ve been hit with a SIM-swap attack, your device will start acting up. Here are some clues that you might be the victim of these specific type of hack:
Sudden changes in service. The first sign of a SIM-swap attack is receiving notifications from your provider that your phone number or SIM card has been activated elsewhere. However, many providers have security measures in place to reduce the likelihood of a successful takeover, and they may try to confirm account changes with you before they take affect. Or at least they say they do.
Unauthorized security alerts. Similarly, if you have the proper settings enabled, you may receive notifications or email alerts that important profile data—such as passwords, pin numbers, security questions, contact info—for your service provider and other accounts has been changed or that logins were made (or attempted) from unrecognized locations or devices. You need to respond to these alerts immediately, regardless of if anything was successfully changed. Someone is trying to hack into your accounts and steal your identity—whether by a SIM-swap attack or some other means. The faster you catch and react to these attempted changes, the better your chances are of mitigating the hack’s severity.
Signs of a successful or ongoing SIM-swapping attack
What you’ll experience after a successful SIM-swap attack is even scarier. Once someone gains access to your phone number, they now have access to any apps, accounts, or personal data tied to it (including two-step authentication requests). From there, it’s only a matter of minutes before they’ve locked you out of everything and assumed your identity.
Here are some additional warning signs to look out for:
SIM-swap attacks normally begin with an old-fashioned phishing scam. Email phishing is still surprisingly common, but hackers also use fake login pages, apps loaded with spyware or keyloggers, fake ads, and malicious message attachments to gain access to your accounts. Once they have that, all it takes is knowledge of your phone number and some personal data to execute a SIM-swap attack.
Phishing isn’t the only way to start a SIM-swap attack; hackers can get your info from leaked personal data, or even physically lift it from your devices. You should always take proper care to respond to leaks and avoid losing your device (or letting the wrong people use it).
Some early SIM-swapping attack warning signs
When you’ve been hit with a SIM-swap attack, your device will start acting up. Here are some clues that you might be the victim of these specific type of hack:
Sudden changes in service. The first sign of a SIM-swap attack is receiving notifications from your provider that your phone number or SIM card has been activated elsewhere. However, many providers have security measures in place to reduce the likelihood of a successful takeover, and they may try to confirm account changes with you before they take affect. Or at least they say they do.
Unauthorized security alerts. Similarly, if you have the proper settings enabled, you may receive notifications or email alerts that important profile data—such as passwords, pin numbers, security questions, contact info—for your service provider and other accounts has been changed or that logins were made (or attempted) from unrecognized locations or devices. You need to respond to these alerts immediately, regardless of if anything was successfully changed. Someone is trying to hack into your accounts and steal your identity—whether by a SIM-swap attack or some other means. The faster you catch and react to these attempted changes, the better your chances are of mitigating the hack’s severity.
Signs of a successful or ongoing SIM-swapping attack
What you’ll experience after a successful SIM-swap attack is even scarier. Once someone gains access to your phone number, they now have access to any apps, accounts, or personal data tied to it (including two-step authentication requests). From there, it’s only a matter of minutes before they’ve locked you out of everything and assumed your identity.
Here are some additional warning signs to look out for:
You cannot send or receive texts and phone calls.
Someone says your social media or email has been hacked. A hacked Twitter account can be a sign of more than just poor password strength—it’s one of the easiest ways to catch a SIM-swap attack.
Being unable to use any apps on your phone. If you’ve suddenly been signed out of all your apps and various other accounts and can’t log back in, that’s an obvious sign of some kind of identity theft.
Unauthorized bank activity.
From Krebs on Security and Lifehacker.