What is SIM Swapping or Sim Hijacking and how can you prevent it?
Introduction: What is Sim Swapping and Why it’s a Problem?
SIM Swap scam is a technique used by hackers to hijack a mobile phone subscriber’s identity and to gain access to their sensitive information. This technique, when executed, involves the hacker sending an SMS or call conversation to the victim’s mobile network provider to request an update for the subscriber’s SIM card. The mobile network provider will then transfer the victim’s SIM card to a new handset and will send it back in packaging that looks like it was delivered by courier services.
The hacker can then use the same handset and SIM card that they swapped with their victim and receive all calls and messages that would otherwise be delivered to them. An article from The Times Of India explains how a business man from Delhi lost 18 Lakhs by becoming a victim of SIM swapping. Click here to read the article.
What Happens When Your Phone Gets Hijacked?
Unauthorised phone number porting, also known as “sim hijacking,” is the practice of taking control of someone’s phone number by getting another carrier to transfer a mobile phone number from one device to a different device. A sim swap starts with a fraudster finding out the victim’s mobile provider, then contacting that provider and impersonating the victim or someone else who has the authority to request a new sim card.
When they get through, they’ll request a new sim card for their device and make up some story about why they need it changed. Once the fraudster gets the new sim card in their possession, they can activate it on any compatible device and start making calls or sending texts from that phone. The most common type of SIM swapping method is that you receive either an automated call or the fraudster himself calling you and asking to press a number from the keypad to complete the request they make (can be to verify your identity / confirm bank details etc).
Once you press the required number on your phone’s number-pad, the call immediately gets disconnected and after a few minutes, you will notice that there is no cellular network on your mobile phone. This means that the SIM card has been successfully hijacked. The fraudster will request for a duplicate SIM card in the process and activate your number on the duplicate SIM card.
Once the duplicate SIM card has been activated and is working, all calls and messages will be re-routed to the fraudster’s mobile phone. This includes all banking related details such as OTPs, account information, business calls, OPTs which can be used to change passwords of your online accounts and so on.
Conclusion: How can you protect yourself against SIM swapping attacks?
A SIM swapping attack is a type of identity theft that takes place by intercepting and modifying the SIM card details of the victim. This means that attackers can easily get access to all of your personal information and data, and then use it to assume your identity.
There are many ways you can protect yourself against sim swap attacks such as:
- Never sharing your phone number on social media, or with anyone who you don’t trust.
- Setting up a PIN on your phone for additional security, so it cannot be accessed by someone even if they have physical possession of the device.
- Setting up two step verification on any accounts linked to your phone number.
If you find this article useful, be sure to subscribe to the newsletter to stay up-to-date with the latest posts from Ciphernet. Click here to know what exactly is social engineering and how you can give out sensitive information about yourself or your organisation without realising that you’re doing it.