If you are reading this, you should immediately change the pin code you have set up with your mobile carrier.
On August 20th, 2021, T-Mobile announced that over 50 million people, including current and former customers as well as prepaid customers, were affected by a security breach. Information like Social Security numbers, driver’s licenses, and account PINs were exposed.
Regardless of whether you’re a T-Mobile customer, the exposure of your account PINs is a major risk. That’s the password that you’re asked to give to a T-Mobile employee before any changes can be made to your account. With this 4 digit pin code, your life will change for the worse.
A basic SIM swap attack is when a hacker convinces a cellular carrier to switch the target phone number over to a SIM card they own. The hacker can then use your phone number, on their phone, to trick services into resetting your passwords. Furthermore, the hacker will be receiving all your personal information such as text messages, calls, and data on their phone. They can get instant access to any two-factor authentication codes you receive through text messages, the PIN that an institution texts you to verify your identity.
SIM attacks appear to be behind the Justin Bieber hack and the hack of a cryptocurrency investor that resulted in the theft of $23.8 million worth of tokens.
If I do not have your attention, then please read this article.
Measures to be taken to Avoid Sim Swapping
If you’ve been a victim of a SIM hijacking attempt, there’s not much you can do to stop SIM hijackers from targeting you. If the attacker is skilled, they might actually take over your digital footprint.
On a lighter note, there are steps that you can take to limit the chances of a SIM swap attack ever happening to you.
Change your pin code: You should immediately change your carrier pin code by logging into your account, find the Security tab and change your pin code. I recommend changing this every 6 months and using a pin that has never been used before.
- Online behavior: Be on alert of phishing emails, you get a new email that looks like it’s from a friend, and other ways cyber attackers may try to access your personal data to help them convince your bank or cell device carrier that they are you. You may wonder, how are fraudsters able to answer your security questions That’s where the data criminals collected data on you.
- Account security: Increase your cell account security with a unique, strong password and strong extra security questions and answers (Q&A) that only you know.
- PIN codes: If your device carrier allows you to set a separate passcode or PIN for your communications, consider getting it done. It could potentially provide an additional layer of protection.
- IDs: Don’t build your security and identity authentication solely around your phone number accounts. This includes text messaging (SMS), which is not encrypted.
- Authentication apps: You can use an authentication app such as Google Authenticator, which gives you 2FA but it links to your physical device rather than your device number.
- Bank and mobile carrier alert: Watch out if your banks and mobile carrier can combine efforts, sharing their knowledge of SIM swap activity, and implementing user alerts along with additional checks when a new SIM card is reissued, for example.
- Behavioral analysis technology: Banks can use technology that analyzes customer behavior to help them discover and identify compromised devices, warning them not to send SMS passwords and other confidential info.
- Call-backs: Some organizations call customers back to make sure they are who they say they are when they are using their accounts — and to catch cybercriminals.
If you’re the target of a SIM swap scam
- Contact your cellular service provider immediately to take back control of your phone number. After you regain access to your phone number, change your account passwords.
- Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.
If you think a scammer has your information — like your Social Security, credit card, or bank account number — go to IdentityTheft.gov to see the specific steps to take.