Sim Swap Survival Guide
WTF is SIM Swapping?
SIM Swapping, a scam in which blackhat hackers steal your mobile identity (aka your mobile account).
Basically, a SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. By doing this the blackhat hacker can get your SMS to complete an authentication to your logins, get login passwords, and get devices using your mobile carrier account.
The good news is, you can take steps to limit the chances that a SIM swap attack will happen to you.
PIN in It!
Every major carrier offers you the option of putting a PIN or a passcode on your account. Having one adds another layer of protection, another piece of information a blackhat hacker needs before they can compromise your identity.
1. set up a “wireless passcode” that’s four to eight digits long by going to your profile.
2. Sign-into your account.
3. Then Get a new passcode.
You should also add what the carrier calls “extra security,” which just means it’ll require the passcode to manage your account online or in a retail store. You can find that by going again to Sign-in info, then Wireless passcode, and checking Manage extra security.
They actually require a PIN, but to set yours up or change it, sign into your account. Enter the PIN of your choice twice, click Submit, and you’re done.
You have to call instead. Dial 611 from your mobile phone and ask to add “Port Validation” to your account, which lets you choose a six to 15 digit PIN.
Sign into your account, click on My Sprint, then go to Profile and security. Scroll to Security information, and update your PIN there.
Contact your mobile carrier to have a restriction set as to who can make account changes and purchases. Also, setup email notifications for your account activities.
Use Better Two-Factor
Getting your two-factor authentication codes over SMS is better than nothing, but it won’t help at all if a SIM swap hits.
Apps like Google Authenticator and Authy give you that extra layer of security like SMS-based two-factor does, but they also tie it to your physical device rather than the number the phone company assigned to you. They show you a six-digit code that updates every 30 seconds, and stays in constant sync with whatever service you connect them to.
I suggest you use Authy. Its secure and cloud based for easier backup.
Signs that you've been a victim of SIM Swapping
1. Social media activity that isn’t yours.
2. Your phone calls and text messages aren’t going through.
3. You have account activities that you didn't authorize.
4. You receive a security alert email that login attempts were made from a different or unfamiliar location or device
5. The biggest is if your login credentials for your bank or other accounts no longer work.
It’s not too late to get your information back if you fell victim to a SIM-swapping attack. Follow these steps:
1. Contact your cellphone service provider immediately.
2. Request the deactivation of the hacker’s SIM card and recover the service on your present cell phone.
4. Change the password of all your accounts.
5. If you notice any unusual charges on your bank account, credit card, or other financial accounts, report them to the relevant institution immediately.
6. If your Social Security number has been stolen, contact the Social Security Administration immediately (1-800-772-1213).