The method used to take control of victims’ phones, called “SIM swap”, is giving mobile operators a headache. We explain what it consists of and how to avoid it.
When our personal data ends up on the web, as with the millions of phone numbers exposed in the Facebook leaks, the main risk is being targeted by phishing attacks that aim to steal access to your accounts.
One of the solutions is to activate two-factor authentication on the services you use. In addition to the password, it adds a new authentication step, such as a message with a code, a security key or an authentication application. If someone tries to access your account after having hacked your password, they should normally be blocked by the confirmation of your identity, which takes place on your smartphone.
In theory, this protects you. However, it is possible to have your phone number stolen; this technique is called “SIM swapping”.
What is SIM Swapping? And how does it work?
The term SIM swapping refers to “stealing” a mobile phone number. The hackers' objective is to transfer your number from your SIM card to a SIM card in their possession.
This is not a complicated or out-of-reach technique. Often, hackers contact your operator’s customer service and impersonate you. They can claim the loss of a phone, a theft or an operating problem. They can also directly bribe an employee of a mobile operator.
To manipulate mobile operators, they use personal information such as your date of birth or your address: information that can be found on the web, but also in the stolen databases that circulate on the dark web or even on open-access forums.
Once the number has been transferred, hackers can receive your SMS messages and calls, and of course unlock access to certain services protected by two-factor authentication. One of the most common examples is that of Jack Dorsey, one of the co-founders of Twitter, who had his own Twitter account hacked. There is also the case of Michael Terpin, a crypto-investor, who had $23 million stolen using the same method.
How to avoid SIM swapping?
You should know that this technique is generally very targeted. There is little chance of being impacted.
The best thing is to avoid posting personal information on the web. It’s easy to say and maybe already too late; nevertheless, it’s always important to be aware of it. So avoid showing your date of birth, or blur the lines by entering a wrong date of birth.
Prefer activating two-factor authentication with an authenticator application, without going through a phone number. The best known is Google Authenticator; there is also Microsoft Authenticator, but we recommend Twilio Authy, which offers a synchronization function. Also follow our other tips, like having different passwords.
You can also use the dual SIM function of your smartphone to open a second telephone number on a small mobile plan, such as that of Free or Cdiscount Mobile at 2 euros/month. This number could be used exclusively for two-factor authentication on important accounts, such as your email address, your Amazon account, etc.
In any case, stay alert: if you lose network service on your phone, call your mobile operator quickly.