In SIM jacking a bad actor uses the subscriber identity module (SIM) card associated with your cellphone number to make calls, send texts, and use data. This has several potential negative outcomes:
- Your phone bill goes off the charts with international calling and data usage fees.
- They might impersonate you by sending texts to scam your friends and family.
- They can sign up for new email and social media accounts using your phone number.
Most importantly? They can use your phone number and SIM card to sign into your personal accounts. Many of us use text messaging for authentication. That’s when a site, say your bank, sends a code to your phone to confirm it’s you.
Now, imagine the criminal has access to your bank account through a leaked password. Whereas they couldn’t get in before because of two-factor authentication, they now have your SIM card, too. That means the SMS to authenticate your account also goes to them. They’re in, and you’re out.
How Does SIM Jacking Work?
Typically it starts, as so many cyberattacks do, with phishing. You might get a text or email that looks like it is from the cellphone carrier that asks you to click on a link. It might tell you there’s been suspicious activity on your account or that your bill is past due. It’s usually something that will make you anxious and feel the need to act urgently.
You’re taken to a fake website where you provide your name, address, cell phone number, and date of birth. With the right information, the scammer contacts your phone carrier and asks for a new SIM card. Once they have that in hand, they access your account and take over your cellphone. If they pair that with leaked credentials, they can really do damage.
If you’ve been SIM jacked, you’ll find out after the fact. You will no longer have a signal connection, so you won’t be able to send texts or make or receive calls. You may also have difficulty signing into the hacked accounts.
If you do think you’ve been SIM jacked, contact your carrier ASAP. Also, change your passwords and let your friends and family know. Otherwise, they might fall victim to a malware attack that appears to come from you.
Protect Yourself from SIM Jacking
Be careful with your personal information. Be wary of any requests to share your sensitive information online. Avoid taking action based on text messages or emails from people you don’t know and trust.
Protect yourself by using an authentication app such as Google Authenticator or Authy. Do this instead of using text messages to authenticate yourself online.
Always update the applications on your smartphone. Yes, it seems like there are constantly new updates, but they can be protecting you from vulnerabilities.
You might also get a request to restart your phone. This is a common sign your SIM card has been hacked. If you do it, you’ll lose control of your SIM card. So, call your carrier first.
It’s also a good idea to regularly review your phone bills for any charges that you don’t recognize.
Want to protect your online activity? Our IT experts can help update your applications and identify any vulnerabilities. Contact us today at (888) 234-WDIT(9348).