Criminals can break into your phone in ‘SIM swapping’ attack without device leaving your hands – three ways to stop it
ANDROID and iPhone users must be wary of ‘SIM swapping’ attacks, where a hacker infiltrates a device without ever laying hands on it.
Cybercriminals can take control of your smartphone and crack into your online accounts in one fell swoop.
SIM is an acronym for “Subscriber Identity Module.” A SIM card is a memory chip that contains unique identifiers like your number, cellular plan, and the contents of your smartphone.
What makes ‘swapping’ attacks so dangerous is that they happen remotely.
After gleaning your phone number and private information from a data leak, a hacker can convince your mobile carrier to reassign your number to a new SIM card.
The criminal can then access your phone’s data and change your credentials to lock you out of your online accounts.
Despite the covert nature of these attacks, there are warning signs that you may have fallen victim.
Your carrier may send a notification text alerting you that your SIM card has been deactivated, which is the clearest warning sign.
Additionally, if your phone no longer connects to the cellular network and can’t make calls, text, or access the internet, TKTK
To avoid falling victim to these devastating attacks, start by ensuring your personal information is as secure as possible.
One helpful step is setting up multi-factor authentication, or MFA, on applications and accounts that allow it.
MFA requires you to prove your identity in two or more ways before accessing your accounts.
This may entail sending a passcode to your phone or email address or using a biometric identifier like a fingerprint.
It is also important to watch out for any attempts to steal your data or breach your accounts
Criminals commonly purloin information like social security and credit card numbers through phishing attacks.
You’ve likely heard of phishing, where scammers dupe unsuspecting victims into doling out personal information.
These criminals often exert psychological pressure on their targets, ramping up the pressure to make them act quickly and irrationally.
Be wary of messages from people and organizations you don’t know. Double-check the sender’s address for typos and other clues like numbers in place of letters.
You should also scan the message itself – are there grammatical mistakes? Does it make sense, or is it meant to trigger an immediate reaction?
As a general rule, delete any messages from senders you don’t know and avoid clicking unfamiliar links, which can download malware onto your device.
How are scammers finding my number?
Here Mackenzie Tatananni, science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.
Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database – often those maintained by companies like service providers and employers.
This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.
Another common technique called wardialing employs an automated system that targets specific area codes.
A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.
There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.
Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records
Their primary goal is to build databases of people and use this information for tailored advertising and marketing.
Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.
In the United States, these sites are legally required to remove your information if you request it.
Locate your profile and follow the opt-out instructions, but be warned – these sites do not make it easy and intend to frustrate you out of completing the deregistration process.
For simplicity’s sake, you can also use a tool to purge your information from the Internet.
Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.
It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile – this happens quite frequently with Facebook.
Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.
Lastly, it is worth using a password manager instead of saving passwords directly to your browser.
Google Chrome, for instance, will ask if you want it to “remember” your credentials when you sign in.
While the convenience may seem tempting, the risk greatly outweighs the benefits. If a cybercriminals manages to breach your account, this information will be readily available.
Entrust your passwords to a password manager instead, which encrypts your credentials to keep them safe from prying eyes.