What is SIM Card Hacking?
Sim Card Hacking, also known as a SIM Swap Attack, SIM Port Hacking, or SIM Hijacking, occurs when a hacker persuades your cell phone carrier to move your cell phone number over to their device instead of yours. This causes any calls or texts to go to the hacker’s device instead of your own. For businesses, this can also mean exposure of business accounts that the user may have tied to their phones.
What can a hacker do with SIM Card Hijacking?
While it may not seem like a big deal for someone else to be getting those pesky family group texts, your phone is typically tied to high-security accounts with multi-factor authentication (MFA), making this a VERY big deal. For example, say a hacker is trying to access your bank account. Most banks require an additional verification passcode with MFA before you can log in. Instead of that verification passcode being sent to your device, it is now in attacker’s hands. For many businesses doing business in the cloud, their employees access their work accounts through their phones. If your employee's SIM card is Hijacked, it could put your business's network in a compromised position.
Phishing and SIM Swapping
Phishing is also a high-priority concern as it relates to SIM Swapping. Not only will hackers receive the calls or texts coming through, but they can also send messages as this cell phone number. For businesses, this mean a hacker could be sending messages posing as your employee asking for documents, access or other insider information that might normally be fine if in the hands of your employee, but detrimental if in the hands of a hacker or made public.
How might this happen? Say you get a text from a friend that links to a funny video. You might click on this link, not knowing that it is some sort of virus or malware that you just downloaded to your device. While this is only one example, there are many sinister possibilities that hackers have designed when they pretend to be someone else to extort your information.
How to protect SIM Cards from Hackers
Since SIM Card Hacking has become a growing concern for both users and cell phone carriers, many big service providers now provide options to further ensure your account security. In addition to utilizing your cell phone carrier’s resources, you can also take some measures into your own hands.
Avoid and Educate about Phishing Attacks
We already talked about the importance of how hackers can use a hijacked SIM card for phishing, but they can also get your personal information through phishing attacks. Here are the best practices and tips to avoid phishing schemes. Talk to your Employees about Phishing, external email and text requests and educate them to be aware of and better identify these requests. Being on alert and aware of these types of attacks is the first step in keeping them from affecting your organization.
Limit the Data You Share
Just like you need to be mindful of phishing attacks, it is equally important to be cognizant of what you’re sharing online. While it might seem harmless to share personal details of your life on social media, that information might also make you more vulnerable to an attack. People who are experienced in social engineering and Phishing might be able to use that information against you later on. Pro Tip — Don’t forget always to keep your social media profiles private too!
Require an In-Store Visit Before Swapping Your SIM Card
Requiring an additional pin for your account is one way to stay secure, but requiring an in-person visit is even better. Attackers may try to do an in-person SIM swap, but it is a lot less likely and significantly harder for them to pull off. Unfortunately, phone carriers are notorious for ignoring notes about in-person phone swaps in your personal profile. The good news is that with the increased visibility of SIM card hacking, we’re hopeful that this will continue to improve.
For more tips on protecting data, and what to do if you are hacked, this article from Medium provides a great resource.
Understand Cyber Hygiene with experts at MindPoint Group
MindPoint Group works with businesses to help create zero trust environments and secure cloud services for work in the most secure environments. We also help organizations identify their company's level of Cybersecurity Hygiene, and identify gaps in documentation, staff training, and systems, to ensure more secure environments that help prevent cyber security attacks. If your company is looking to work with the Federal Government, Secure Cloud services or to create a Zero Trust Architecture, let the experts at MPG be your first call in cybersecurity.
