SIM swapping

SIM Swapping: What is it And What Can You Do to Prevent It

in Hacking

SIM swapping refers to a hacking technique where a malicious actor tricks a mobile phone operator to change their victim’s number to a SIM card they control. Then, they use the SIM card to reset passwords that use SMS verification and gain access to your online accounts.

In this guide, you will learn how SIM swap attacks work and how you can protect yourself against them.

How Does SIM Swapping Work?

It is possible for a hacker to contact and convince your wireless provider to pass your phone number onto a SIM card they control by using personal information they have gathered about you. If successful, they can then reset passwords for your email and other online accounts, and potentially steal money from you.

SIM Swap

Data breaches or visiting and leaving your information on malicious sites can allow these online miscreants access to information. Once they have this access, they quickly replace your SIM card with theirs to gain access to your incoming calls, text messages, email messages, and social media accounts.

SIM swapping is a nasty experience. Hackers can be merciless with their victims’ data. The primary goal to gain access to your bank account or cryptocurrency accounts to steal funds from you.

Additionally, hackers may try to scam people you know by impersonating you. Moreover, they could also use your digital identity to defraud businesses under your name.

Digital Privacy

Grab the Digital Privacy Toolkit

Get your FREE copy of the Digital Privacy Toolkit and discover the latest apps you can use to protect yourself against the expanding surveillance apparatus.

Despite all these scary details, you can keep yourself from falling victim to SIM swapping.

How to Prevent a SIM Swap Attack

There are two main actions you can take today to reduce the chance of a SIM swap attack.

Add a Pin Code

SIM Swap Attack

You can minimize your SIM card’s chances of getting swapped by adding a pin code or password to all your wireless accounts.

Companies like Verizon, T-Mobile, AT&T, and Sprint, require you to create a pin code when you register with them.

For AT&T:

  • visit your account profile, log in and click on the sign-in button
  • select your wireless account
  • if you have multiple accounts, you can choose “manage extra security”
  • input your password and save

For Sprint:

  • you can go to your account on Sprint.com
  • proceed to “my sprint” profile and security
  • under security information, update your pin and security questions

For Verizon Wireless:

  • call *611 and request for a Port freeze on your account
  • you can visit their webpage to find out more information about enhanced authentication on your account

For T-Mobile:

  • set up a pin or passcode at the point of registering with the My T-Mobile account

Set Strong Passwords

People love to use their birthdays, anniversaries or child’s birthdays as passwords. Unfortunately, those can easily be guessed. What you need to do is to create a very strong password that will be impossible to guess and save it in your password manager.

You should also avoid the use of SMS as a means of communication when asked for a medium to convey your pin code or authentication code, select email and not SMS.

Generally, you should refrain from sharing too much personal information online and only use SMS verification where it makes sense. Authenticator apps are arguably a safer option for two-factor authentication.

Feranmi is a freelance contributor to the Dark Web Journal. He is an experienced researcher and writer in areas such as decentralization and cryptocurrencies.