How to protect yourself from SIM swapping

Lexie

Hi, I'm Lexie! I write about information security, Bitcoin, and privacy.


More and more services use your phone number to identify you, sometimes in addition to an email address, other times instead of one.

Services may do this to target you more easily, or to prevent fake accounts and spam more efficiently, but it can also put you in severe danger of SIM Swapping attacks.


In a SIM Swapping attack, a hacker uses social engineering techniques to convince your mobile phone company to issue a new SIM card and to reroute all calls and text messages to this new card.

Your phone will lose signal, and you will not receive, for example, any fraud alert messages from your bank.

Here are five steps to protect you from falling victim to this threat:

1. Don’t give online services your phone number

Online services shouldn’t need your phone number. They shouldn’t ask for any information they don’t need, and they shouldn’t put you at risk by keeping this information on file.

2. Use other forms of two-factor authentication

Don’t use your phone number for two-factor authentication (2FA). Instead, use authenticator apps or, even better, hardware security keys that implement the FIDO U2F standard.

These options will ensure that your access to your accounts is not dependent on your SIM card or phone. When your phone number is the sole method of identification (such as for your WhatsApp or Telegram account), don’t forget to set a secondary password to keep people out!

3. Use a prepaid SIM card

As long as your prepaid SIM card is not tied to a name or another form of identification (including credit card or ID number), it is close to impossible to be ‘swapped.’

Some services will only allow you to replace the SIM if you have the case the card came in, so be sure to keep it secure!

4. Test your most vulnerable accounts

There may be some accounts that you aren’t able to unlink from your phone number, be it for legal or practical reasons.

To learn how you can protect yourself from SIM Swapping, why not test how easy it is to take over your email, chat, or bank account with just your SIM card and some publicly available information, like your date of birth or full name?

Such a test will help you assess whether there are additional steps you can take to protect these accounts, like 2FA, or switching providers, for instance.

5. Put a lock on your phone account

Contact your phone company to find out what mechanisms are available to protect yourself from a SIM Swapping attack. Some providers will let you set a password for customer service, while others will require you to show up in person at a store and identify yourself with your government ID.

Hopefully, in the near future, insecure phone lines and unencrypted SMS will be a thing of the past, but for now, they are difficult to escape.

Hackers will attempt to get hold of your bank account and social media accounts by diverting SMS and phone calls to their accounts. Protect yourself and lock down your accounts today!
