BBB Tip of the Week: Be on the watch for SIM swapping
SIM Swapping is nothing new and in 2019, Better Business Bureau Northwest and Pacific wants you to be aware and prepared for the possibility of this happening.
During fall of 2018, I was getting a lot of questions about this rather new twist on account hacking. SIM swapping is when a hacker transfers your personal cell phone number onto his or her device through a process called “porting.”
The scenario often looks like this: Your cell phone carrier gets a call from a hacker pretending to be you. The hacker more than likely already has information on you such as your birthday and mother’s maiden name from a quick search on Facebook, so he’s easily able to decipher and bypass the passwords or security questions asked by your cell phone provider. From there, the hacker tells the carrier he’s lost the phone’s SIM card but has a new one and then asks the carrier to transfer (or port) “his” cellphone number onto a new SIM card.
The issue: It’s your cell phone number he’s porting onto his SIM card.
Once a hacker seizes this, he can use your cell phone number as a master key to all related accounts such as Netflix, Amazon, Instagram and, of course, mobile banking, since our cell phone numbers are associated with almost every facet of our online identity.
A hacker with your phone number can then attempt to log into your social media accounts and change everything. Typically, hackers target Instagram users with short, unique usernames. Why? Because if they can take over that account, they can sell your username for bitcoin on the dark web. Short usernames go for $500 to $5,000.
Or, perhaps, the scam artist goes for your banking information. She can log into your mobile banking app and when your bank verifies that it does not recognize this new device, the bank is going to send a one-time verification code to your phone number. But now, your phone number is associated with the hacker’s device, so she gets the security code instead. All of a sudden, they have access to all of your accounts. In this example, we can see that hackers are actually able to bypass the two-factor authentication process that banks have set up, making this scam even thornier.
While scammers can target specific people for this scam, it can also be done at random based on your number being selected and the hacker’s ability to bypass your carrier’s security features. What’s particularly scary about this scam is that consumers and business owners may not know right away their phone number has been compromised – if you’re waiting on verification codes and they’re not coming through, call your cell phone provider.
The good news is, cell phone carriers are aware of this growing issue and are setting up protocols to better protect consumers.
BBB Northwest and Pacific recommends these tips:
Ask your cell phone carrier if they offer a “port validation feature.”
Make sure you already have passwords or security codes set up with your cell phone carrier that are required to access ANY information about your account.
Don’t use password saving functions or keychains, especially for important accounts, such as banking.
Wherever you can, remove your phone number from your online account. If a phone number is required, consider setting up and using a Google Voice number. Google Voice is an internet-based service that allows you to forward your calls to a unique Google number. You can also use this number for all online accounts. Google Voice numbers are not easily hacked.
If your phone is stolen or lost, call your cell phone carrier immediately to deactivate your SIM card. Have Find My iPhone/Device turned on so that you are able to remotely erase all data.
For more info on Sim Swapping and the Better Business Bureau you can find out more at www.bbb.org