If your mobile phone gets stolen, a SIM swap is a great security benefit as you can quickly invalidate the SIM in the stolen phone, so the phone thief is unable to rack up calls on your phone. However if the crook is the one perpetrating the SIM swap, then he/she has access to your incoming calls, messages and passwords.
With SIM swap, attackers can change your profile settings, add new payment recipient accounts belonging to accomplices, and pay money out of your account. As the account settings are changed, it is harder for banks to spot the fraud.
Sophos recommends the following measures to prevent SIM swapping:
- Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords.
- Avoid obvious answers to account security questions. Consider using a password manager to generate absurd and unguessable answers to the sort of questions that crooks might otherwise work out from your social media accounts.
- Use an on-access (real time) anti-virus and keep it up-to-date. One common way for crooks to figure out usernames and passwords is by means of keylogger malware, which lies low until you visit specific web pages such as your bank’s logon page, then springs into action to record what you type while you’re logging on. A good real time anti-virus will help you to block dangerous web links, infected email attachments and malicious downloads.
- Be suspicious if your phone drops back to “emergency calls only” unexpectedly. Check with friends or colleagues on the same network to see if they are having problems. If you need to, borrow a friend’s phone to contact your mobile provider to ask for help. Be prepared to attend a shop or service centre in person if you can, and take ID and other evidence with you to back yourself up.
- Consider switching from SMS-based 2FA codes to codes generated by an authenticator app. This means the crooks have to steal your phone and figure out your lock code in order to access the app that generates your unique sequence of logon codes.
