It is a fact that cyber-attacks aimed at stealing personal data are increasing. While most people are aware of phishing attacks, very few are aware of the dangers of so-called SIM swapping, where cybercriminals get their hands on a copy of a victim's mobile SIM card.
With a duplicate SIM, they can then bypass the two-step verification process that protects services like banking apps. The problem is so serious that the FBI issued a warning regarding SIM Swapping and for this reason the Check Point Software Technologies Ltd., a global provider of cyber security solutions, has put together three simple tips to protect users.
What is SIM swapping?
SIM swapping occurs when a cybercriminal obtains a copy of a user's SIM card. However, to do this, it first needs access to the user's personal data, such as ID, phone number and full name, which can be obtained using phishing techniques. A cybercriminal then simply contacts that user's mobile phone provider and proceeds to impersonate them over the phone or the internet, or even by visiting a physical store.
Once the copy of the SIM is obtained, he only needs to insert the card into a device to access all of the victim's account information and data, including their call logs and message history.
From that point on, he has full control and it's easy to access his victim's banking app and steal his money by moving it to another account. Although this requires the use of a verification code, remember that the attacker has access to the victim's mobile line, as well as any code intended for it.
How to stay safe:
- Be careful with your personal data: this is the information cybercriminals need to copy your SIM card. This is why it is so important to be careful about the websites you visit. Make sure that the website in question is official and has all the various security measures such as encrypted connection. Look for the lock symbol in the address bar, which indicates that it has a valid security certificate, and that the URL starts with httpS://, if it doesn't end with S://, it could potentially be a dangerous page.
- Learn about phishing:you need to know the telltale signs of a phishing attack to prevent them from gaining access to your personal data. Watch out for emails and text messages with spelling mistakes, even if you know the sender. Pay close attention to the domain to make sure it is genuine. The same goes for strange links or attachments. Often, such details are signs of a phishing attack.
- Watch out for signal loss: an easy oneand a sure way to know that there is a dual SIM card is that your mobile signal will be completely lost as you will be holding a phone with a SIM card that will not have any access to a mobile network. As a result, you will no longer be able to make or receive calls and messages. If this happens, you need to contact the authorities and your mobile operator so they can disable your SIM card and start the process of recovering your data.
“Cybercriminals are always looking for new ways to access your data to achieve their goals. It is important that everyone is able to spot the signs of an attack. If people are not aware of the basic indications, they automatically put themselves in very great danger and are very likely to suffer correspondingly very serious consequences. For example, he could see his bank account emptied or become a victim of identity theft that allows cybercriminals to purchase goods and services over the Internet in their victim's name," warns Constantina Koukou, Channel Account Manager & Evangelist, Check Point Software Technologies, Ltd.