There have been several accounts in recent months about people who have lost money—sometimes even millions of dollars—as a result of unlawful SIM swapping. Cybercriminals are increasingly using SIM switching as a common method for getting around two-step authentication. A copy of your SIM card is often obtained by a cybercriminal in SIM swapping. However, to accomplish this, they require access to your personal information, which they may get using standard phishing tactics. This information includes your ID, phone number, complete name, email address, birth date, etc.
Then, they only need to get in touch with the mobile provider to impersonate you on the phone, online, or even in person. Once they have a replica SIM, they may also obtain OTPs and do bank account verifications and other tasks for the subscriber. Many of them have successfully stolen money from accounts in the past using this precise method.
However, how can consumers defend themselves from SIM swapping? Researchers from Check Point have provided the following advice.
Keep an eye out for signal loss
If your cell connection disappears entirely, there may be a duplicate SIM card present. This is because your phone will now have a SIM card but no access to a mobile network. You won’t be able to send or receive SMS or calls as a result. If this occurs, you must immediately get in touch with the police and your cell provider so that they may disable the SIM that the hackers are using and begin the process of retrieving your data. If you do see that this occurs, try to get in touch with your bank to prevent any transactions right away and inform them of a potential SIM fraud.
Protect your Personal Information
Be cautious while handling personal information since hackers can clone your SIM card using this data. This is why it’s so crucial to be cautious while choosing which websites you visit. Verify the website’s legitimacy and the presence of all necessary security measures, such as an encrypted connection.
Watch for the padlock icon in the address bar, which indicates the presence of a valid security certificate and that the URL starts with HTTPS://. If the URL omits the final -S:/, the website may be unsafe. Never submit personal information on any website that requests it, particularly on websites whose links you could get through a WhatsApp message.
Be on the lookout for phishing
Even if you know who sent the email or text, be wary of misspelled emails and texts. To ensure it is legitimate, pay particular attention to the domain name. The same is true for links or attachments with an odd appearance. Such information frequently indicates a phishing attack.