The FBI issued an announcement to warn consumers of an increase in complaints about hackers stealing money through SIM swapping. SIM swapping is not a new hacking technique, but the reports of attacks have increased exponentially over the past year. The FBI received 1,611 complaints that resulted in $68 million being stolen in 2021. This is a dramatic increase compared to only 320 complaints in the previous three years combined.
SIM swapping is a technique used by criminals to gain access to a targeted mobile phone. Hackers convince mobile phone carriers to swap service from the target’s phone to a SIM card controlled by the criminal. Criminals use phishing techniques to get the personal information needed to impersonate the user to the phone company and authorize the transaction. Once the SIM has been swapped, the criminal has access to the user’s phone calls and text messages. Then they can perform a password reset on bank accounts or other high-profile accounts with two-factor authentication. Criminals are primarily targeting user bank accounts and cryptocurrency accounts.
The FBI released some tips on how to protect yourself from SIM swapping, including the following:
- Do not provide your mobile number account information over the phone to representatives that request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
- Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
- Use a variety of unique passwords to access online accounts.
- Be aware of any changes in SMS-based connectivity.
- Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
SMS-based two-factor authentication is the easiest method for extra security, but it’s also the most vulnerable to SIM swapping hacks. The US government recommended companies move away from SMS-based authentication in 2017, but companies have been slow to react. However, any form of two-factor authentication or multi-factor authentication is better than none at all. You should always use MFA/2FA if it is an option, especially on your more important online accounts.