In this day and age, cell phones are truly the key to your identity. Just think about it, there are so many situations in which we use our cell phones to prove that we are who we say we are. Unfortunately, the bad guys are well aware of this and have found many ways to sow mayhem into our lives by compromising our cellular devices. One way they do this is via a tactic known as SIM jacking.
SIM jacking is when an individual impersonates you and contacts your cellular provider in order to steal your cell phone number. The individual who we’ll call scum master 3000 then convinces your service provider to switch your number to a SIM card in which scum master 3000 owns. Scum master 3000 can now intercept your SMS two factor authentication codes, read your text messages, run up your phone bill, and do a whole host of other malicous acts which would negatively impact your quality of life. Luckily, there are several measures that we can take to limit and or ultimately prevents ourselves from falling victim to SIM jacking.
1. Set up an account pin with your mobile carrier – In order to make changes to your account, the attacker would need to know your account pin.
2. Set up a SIM pin – This counter measure is similar to the one listed above however, a SIM pin is a local pin that’s set up directly on your SIM card where as an account pin is set up with your mobile carrier.
3. Ask your cellular provider to not make any changes to your account unless you show up in person (also known as no port) – This requires you to show up in person at one of your cell phone providers branch offices with a valid form of identification in order for account changes to be made; thus significantly reducing the likely hood that you’ll be a victim of SIM jacking.
4. Disable phone based account recovery and enable two factor authentication via token (Google authenticator, Duo, etc…) or email – This provides you with an extra layer of protection and gives you additional time to resolve your SIM jacking dilemma as the attacker would not be able to reset your account passwords via SMS or phone verification as you’ve opted to leverage another service to verify your identity. Note, this tip doesn’t protect you 100% put adds another barrier that the attacker must breakdown to gain access to your accounts.
While SIM jacking can cause a lot of damage, it’s still not as common as other targeted attacks such as phishing scams, business email compromise, and ransomware. It’s still worth taking the necessary precautions to reduce your chances of falling victim to SIM jacking.