SBN

SIM swapping security risks: What they are and how to protect yourself

Introduction

The joke that someone needs to have a mobile phone “surgically removed” is not too far from the mark. Mobile phones have become ubiquitous and intrinsically linked to our digital identity. This connection to online life has made the mobile device a target for many types of cybercrime exploits. One of these is the scam known as SIM swapping.

Mobile devices are an amazing success story. Researchers at Pew Research found that almost all (96%) of Americans own a mobile device. And across the world, 3.5 billion people own a smartphone. 

Wide-scale mobile ownership has presented a dichotomy for security and digital identity. Mobile devices offer a great way to connect a user to an account via out-of-band authentication, e.g., SMS text PIN. But the same ubiquitous nature of mobile devices and the strong connection between device and personal online accounts and data make them a target for cybercriminals.

What is SIM swapping? Are there ways to protect ourselves from becoming a victim of SIM swap fraud?

What is SIM swapping?

SIM swap scams can result in large financial losses by individuals. The crime has many faces, but all revolve around the takeover of a mobile device. From there, the device is used for purposes of extortion, data theft and account takeover.

Some examples of a SIM swap hack include:

  • A British man who lost £80,000 (almost $100,000) when his mobile operator moved the man’s phone number to a fraudster. The operator believed the fraudster was the legitimate owner of the phone
  • A SIM swap scam in Brazil targeted over 5,000 victims. This SIM fraud involved the use of WhatsApp to make urgent money requests to listed contacts who believed the message came from the mobile owner, e.g., a friend or family member
  • (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/JPu_Mm9O8GQ/