Don't let third parties in on your two-factor verification.
Fortunately, there are many new methods of keeping threats at bay, such as two-factor authentification. As we’ve discussed before, two-factor authentification requires a secondary form of identification before access is granted to specific accounts. The primary second factor many choose is a text message or phone call to their cellular phone. Unfortunately, some hackers have discovered how to steal your number and falsify a two-factor authentication. But how? A little something called SIM hijacking.
What is SIM Hijacking?
Very similar to illegal porting, SIM hijacking also involves stealing your phone number and taking it to another phone carrier. Instead of directly porting out the number to another phone, this person has requested a new SIM card—possibly from your existing carrier. This request would be reasonable if it were you asking for it because you had damaged your past SIM card beyond repair or lost it altogether. However, when someone else obtains a functioning version of your SIM card, they also have full access to two-factor authentification that may grant them access to Google, Dropbox, iCloud, banking, and even password manager accounts.
How does SIM hijacking occur?
SIM hijacking can occur when someone has gathered enough information about you to pass as you for your cell phone carrier reliably. While this can be done by employing phishing, this may also be done by simply collecting information about you that you readily share online via social media and other sites. Depending on the cell phone company in question, this may be difficult or relatively simple.
How to Prevent SIM Hijacking
To help prevent the likelihood of SIM hijacking, there are a few steps you can take.
- Be cautious in regards to anyone claiming to represent your cellular provider—whether via phone call, email, or even responding to a question you have via social media or on a forum. Do not provide them with any personal information. If they are requesting you log in to update any personal information, verify this with your cellular provider first through an independent means. Independently log on using your official account to speak to customer service or call what you know to be their official service phone number. Do not click on any links in emails.
- Do not use personal details in public on the internet. Whether you’re selling something on Craigslist, Facebook Marketplace, or otherwise, do not use your home address. Your home address is frequently used to verify your identity, so this should be closely guarded.
- Make the necessary security details with your carrier. Logging on through a secure means, look up or ask what is required to port out your number or to request a new SIM card. Make sure that the procedures are robust as possible and virtually impossible for someone else to perform. Ensure that all passwords are incredibly robust and your security questions are obscure to the point that only you would know their answers.
- Regularly check the security status of your accounts. Make sure that your secure accounts’ records of login attempts line up with your own attempts. If you spot any unaccounted for failed attempts, notify your carrier immediately.