With the advent of technology, smartphones have changed the way we think, work, and socialize. They have started to provide numerous advantages, including accessibility and easier communication. People started saving all their personal information and some of their passwords in some security apps on their phones. In addition, many individuals rely on their phones for banking, shopping, etc.. . Consequently, phones have become such an important part of our daily lives. We can say that “Most people can’t live without their phones nowadays. “
How Does SIM Swapping Work?
SIM-Card swapping is one of the easiest scams that hackers can use to deceive the phone holder. A recent article [3] published on 22nd of January 2022 stated that the hacker may have multiple ways, but the most common way is that the hacker may have a direct call– just talking to a person. They may start talking with the victim and acquire the knowledge they need from them through some indirect questions. They may be able to collect some personal information about an individual; for example, getting a person’s birthdate, full name, or address from his public social media accounts. Then, the hacker will call the victim’s phone company in an attempt to impersonate them and answer some security questions gathered from social media. If they succeeded, they will be able to declare that the victim’s phone has been lost.[2] Consequently, the victim will realize that they have lost the mobile device services as it have been linked to a new SIM card and controlled by the hacker.
In August 2019, hackers took over the Twitter account of Twitter’s chief executive, Jack Dorsey, and used the account to post a lot of racist messages and bomb threats. Twitter declared that the account had been compromised. Although Mr. Dorsey’s account was only compromised for a few minutes, it was enough for the hackers to post some offensive tweets. In testimony before a Senate committee held in September 2019, Mr. Dorsey said that he used two-factor authentication to secure his account, so the hackers had been able to trick phone company employees into transferring Mr. Dorsey’s phone number to a new SIM card and using his phone number to access some of the platform accounts associated to the number.[4]
Signs that you are a victim?
• Sudden loss of cellular phone services, including the inability to make phone calls or send text messages, that happens because the hacker must transfer the cellular service to another SIM card and phone to take over a person’s account. As a result, the victim’s phone is left out of service.[2]
•Another approach to find out is if you notice any changes on your social media accounts that you use. If you observe transactions or posts that you didn’t make, someone else is using your account.[3]
Preventing SIM Swapping
Begin by trying to change all the mobile apps and social media accounts associated with that number or by contacting your mobile service provider. You can inquire about their security measures against SIM swapping and the types of information they want before moving your phone number to a new SIM card.
I would agree that it’s usually a good idea to keep your internet accounts as private as possible. It’s unsafe to post a lot of your personal information on public platforms. Furthermore, you can’t trust any social networking platform to keep your information safe. In addition, I would much rather avoid revealing too much of my personal information to the majority of individuals.
Always consider that no matter how we try to make our accounts secure and how many passwords we add to our online accounts, it’s still possible for a hacker to find a way to gain access. We can take some preciousness. For example, by setting a different passcode for each of your account, enabling two-factor authentication on every account that offers it, making sure you’re not falling for scam text messages, and finally knowing what to do if you find yourself a victim of SIM swapping, you’re probably safe![1]
References:
[1]https://www.cnet.com/tech/mobile/t-mobile-data-breach-and-sim-swap-scam-how-to-protect-your-identity/
[2]https://www.priv.gc.ca/en/blog/20200312/
[3]https://www.idropnews.com/news/sim-swapping-explained-whats-sim-swapping-and-why-is-it-so-dangerous/176490/
[4]https://www.nytimes.com/2019/08/30/technology/jack-dorsey-twitter-account-hacked.html
Great post! I have learned a new word “SIM Swapping”. I personally had this experience just a couple of months ago when I moved to another SIM company of my choice. After a week or two, I received a call, and the girl in the other side was saying that she’s a representative of my previous SIM company and she would like to talk to me. Moving forward, she was telling me that she is offering me a better plan with a reasonable cheaper price of my current SIM company I pay. I was almost convince until the moment she was asking me about some the very private information of mine like my date of birth, my address, etc. saying that she would need to verify me. It sounded suspicious to me and I took a step back. Luckily I think I have saved myself from a trap as I always feel uncomfortable sharing my personal details. That mindset saved me I guess. I just learned today that that was a probable SIM Swapping techniques I was getting to surrender myself! Thanks to writer of this post!
d
Interesting post~ As much as I hate to see it, I find it really interesting all the different ways hackers are coming up with to steal your personal information. Before it was just more “haha your personal information is easy to find” and they grabbed if off your social media. Now due to all the security concerns, people are doing better at hiding their personal information, so the hackers decided to become more interpersonal with their calls. Good work!
This was an amazing way to summarize this topic of scam calls. We have all probably at one point gotten some sort of call that said we had either won the lottery or are getting deported and need to give personal information. The unfortunate aspect of these scam calls is the people the target. It’s often newly immigrated individuals who may not know a lot about these scams or vulnerable seniors that fall for this. It very upsetting to see how these hackers take advantage of people in this way. In some cases when they get called out or figure out that someone is messing with them back they get very rude and defensive. I find that aspect kind of funny, originally they were the ones who were trying to scam first and now that it flipped it all of a sudden it’s very wrong? This just makes me think about all the good they could maybe achieve if the just redirected all the energy and time they were spending calling people and scamming into something productive and positive. I liked the fact that you included some preventive measure that tied really well with what we were talking about in class recently. Overall amazing work!
This truly hits all of use close to home. With all of us living in a digital world, and many of us having grown up in it, we can all take something away from this. Personally, I’ve received my fair share of scam texts, primarily being told my non-existent Netflix subscription wasn’t paid, and have also been victim to the robot on the phone, telling us that a box of nondescript drugs showed up on the border with our name on it. Though these are examples of obvious scams, some people fall for these and others receive scams that are more believable, or are disguised as a regular conversation as you stated in the post. This is a terrifying age we live in, where the simple act of picking up the phone can lead to the destruction of our lives, so it’s nice to see someone like you trying to inform your peers about possible dangers in our digital society
This was a very informative post! Its scary to think that a hacker simply needs to come up with some type of scam call script in order to hack a sim card. This also does not take much time to do, after a few calls there are likely to get the information they need. Perhaps to prevent this phone companies(and other companies in general) will need to make the authentication process more strict.
I had never heard of “SIM SWAPPING” before. I am quite surprised that people go to such extends to scam someone. Even though these actions are ethically incorrect, I am baffled with the amount of knowledge these scammers have and how innovative they are in terms of using technology in illegal ways. I think sim card companies should use more strict authentication before closing a sim card, in hope that it might reduce sim swapping cases.
I did not know SIM card swapping scams were a thing either before this. But it reminds me of the many scam calls, links and more that I have seen in attempts from people to introduce malware or gather our information. It also reminds me of when I thought some of the authentication methods phone or bank companies used seemed unsecure, lacking or even just inconsistent and varying by the day or person, which makes me wonder what exactly their authentications processes are and whether they should not be more strict.
Great post, I enjoyed that the post was geared towards educating people on protecting their passwords. Prior to reading this post, I was not entirely aware of the methodology employed by “SIM swappers” to gain access to one’s device and consequently, their social media accounts, passwords, and more. It is chilling to think that by asking indirect questions, SIM hackers have the ability to gain access to our devices, because this is relatively easy to do. This post also made me reconcile with the fact that something like this can easily happen to me, especially considering that I do rely on my phone for a number of activities and tasks.
A very important topic to discuss! I was immediately reminded of “Sim swapping”. This practice involves hackers bribing or working together with individual electronic employees. These ‘bought-off’ workers would then swap YOUR SIM card with a new one and give your real SIM card to the hacker. SIM cards are one of the most vulnerable parts of our phone; with it compromised, we can safely assume we are screwed! This definitely brings into question how much we can trust other people and those who we assume we can trust with our electronics.
There are many news stories on YouTube that go back years on this issue.
Very informative article! It is a bit terrifying to learn that your sim card could be compromised that easily. I had never heard of “sim swapping” prior to this post, and only by reading it did I realize how much information is really connected to your phone number, especially in this digital age. I receive my fair share of scam texts, and I am usually able to determine whether something is legit or not (I heard a tip somewhere that text messages from your phone company are never sent through a phone number, and instead should appear as a string of numbers, like 45055 for example). When it comes to phone calls, it may be more difficult to determine whether something may be a scam or not. Personally I simply do not take calls from numbers I do not know when not expecting a call (which may or may not be a bad idea), however I agree that it is better to be cautious and withhold information if you are not 100% certain a call is legit.
Excellent post, I find exploits like these to be interesting because they require little to no technical knowledge. SIM swapping could be done by anyone. SIM swapping can be as simple as looking at someone’s facebook, collecting a few details about them, and lying to a customer service rep. Once someone has a SIM, the ramifications can be a lot worse than just using their twitter to post weird stuff. If someone’s email has 2FA through SMS, it could be as easy as sending a “forgot my password” request to get their email. If someone isn’t very security conscious, it’s very likely that they could be using email and SMS as their login for everything, so any account they have could be hijacked.
It can be pretty easy to safeguard yourself from something like this. As mentioned, keeping social media private and ensuring you have a reliable telecom provider should prevent SIM swapping in the first place. If one falls victim to SIM swapping, more reliable 2FA methods would prevent more severe consequences.
This was quite an interesting read and I somewhat relate to the incidents mentioned in the article. I had known about scam calls but had not heard about this kind of sim-card swapping scam. I remember after arriving to Canada, my family and friends warned me about these fraudulent calls where they would basically try to trick you to give up your personal information. Well, just after getting my Canadian sim card, I started getting random phone calls from unknown or foreign numbers. Once I picked up these calls, a robotic voice from the other end would start explaining to me how my social insurance number has been compromised and that to fix it I would have to follow certain steps. It seemed pretty obvious to me how these people were trying to be malicious but I can imagine how vulnerable people might fall into these traps. However, what caught my eye from this article was the incident regarding former Twitter CEO Jack Dorsey’s account being compromised even though he had 2-factor authentication. I always enable 2-factor authentication for all my accounts but knowing that even 2-factor authentication can be bypassed surprised me. This actually enlightened me a bit about how even modern security protocols are not enough, regardless of who’s account it is.
This was quite an interesting read and I somewhat relate to the incidents mentioned in the article. I had known about scam calls but had not heard about this kind of sim-card swapping scam. I remember after arriving in Canada, my family and friends warned me about these fraudulent calls where they would basically try to trick you to give up your personal information. Well, just after getting my Canadian sim card, I started getting random phone calls from unknown or foreign numbers. Once I picked up these calls, a robotic voice from the other end would start explaining to me how my social insurance number has been compromised and that to fix it I would have to follow certain steps. It seemed pretty obvious to me how these people were trying to be malicious but I can imagine how vulnerable people might fall into these traps. However, what caught my eye from this article was the incident regarding former Twitter CEO Jack Dorsey’s account being compromised even though he had 2-factor authentication. I always enable 2-factor authentication for all my accounts but knowing that even 2-factor authentication can be bypassed surprised me. This actually enlightened me a bit about how even modern security protocols are not enough, regardless of who’s account it is.
I enjoyed reading this because this was a scam I did not really know about. While I have always avoided giving out information over the phone, it is good to know that my efforts to hide my information weren’t for nothing. Nowadays I always get phone calls with an automated voice on the other line saying I have committed some form of crime, so it makes sense that these are just attempts for them trying to coerce me into giving them my information and eventually getting a SIM under my name. It’s interesting to see that Jack Dorsey of all people would be affected by this, as you would think that a CEO of such a large social media would be weary of such information collection tactics. It is also good to know that there are some loopholes in 2FA, so I know what needs to be avoided. Overall this post was extremely insightful and helpful.
An interesting article that highlights the dangers of SIM swapping. This post does an excellent job on demonstrating the dangers of posting what would normally be considered private information online. It goes to show that even with limited amount of information gained, with enough dedication and diligence, the hackers can use this to their advantage to gain access to areas you might have not even noticed, or would be too late by the time you do. The scary thing is that SIM swapping, while to many may seem like an easy trap to avoid, generally targets individuals who are not generally technologically adept or are not able to realize that they are falling for a trap.
What an interesting post! It’s alarming to think that your personal information and crucial data might be compromised so easily with your SIM card. I had no idea about the SIM swapping scam. Before moving to Canada, I was made aware of the various frauds that exist here, but I do not recall anybody discussing this specific scam. It makes you question how far these hackers will go. You must be astute and aware of these frauds and their consequences. I can see how susceptible folks may potentially fall into these traps and get conned. I was particularly intrigued by the fact that 2FA is no longer sufficient. I think more dependable security measures should be implemented to prevent this from happening.
This was an interesting read! Prior to reading this post, I did not know SIM swapping scams existed. It really just shows how many different methods hackers/scammers have come up with just to get a hold of your personal information (which is a scary thought). In this case, what I found concerning is that they were able to find a way to get around 2FA (or MFA) if the scam call succeeds. After this read, it really reinforces my idea of never answering unknown phone numbers as 90% of the time (at least in my case) are just scam calls.
I also liked how you pointed out to never reveal too much personal information about yourself on the internet or social media. You never know when someone can use that against you or in this case, impersonate you, in order to fulfill their malicious intentions.
Well detailed post , good job . It is always interesting to see that ways of hacking is getting way more advanced , and always how hackers can go all the way to do immoral things to innocent people . Sim-swapping is a traditional way , but people still get scammed .
In overall , Great job !
Amazing writing on this post!! It’s always unsettling to hear of new, or different ways that our information can be compromised, as well as intrusions to security. It was interesting to learn about a new way that scammers have used to take information, especially to such a large scale, with Jack Dorsey, a man largely involved with social media, which is surprising, considering how involved with cybersecurity you would expect one to be in that position. The fact that this impacted Jack Dorsey is also largely scary considering that he is also the CEO of both Square (now Block), which is involved in accepting payments through machines, thought to be securely. This post reminded me that is very important to keep educated on these issues, as I thought two factor authentication was quite strong; I didn’t realize that there are established mechanisms to scam people through this. Additionally, it is an additional warning to be extra careful when providing information over the phone, as you can never be 100% certain that it is going to the right person. I appreciate the extra tips at the bottom of the post as well!! Again, this was a very well written blog post.
Great post, I definitely learned something new. I agree with your point that nowadays, it’s impossible to not have any digital presence. With extensive personal information easily accessible online, it is concerning that so many big companies that we would assume to be reliable still use verifications methods such as asking for date of birth and address to verify identities, especially when private information are often involved in such calls. Hopefully, better and more up-to-date verification methods will soon be implemented by the majority.
Great post. I didn’t know SIM-swapping was a thing. I can not believe how many different ways of hacking now exists around us. Although SIM-swapping isn’t any advanced method of hacking, it is simply trying to fool people in an old-fashioned way. This makes us realize why we should post every single thing on the social media. It also implies that why we should talk to total strangers over a phone call or text message. It is a very well written post.
Shouldn’t **
Sim swapping has become most common these days because most criminals now do not have the must to get near the users phone, but just hack it from any corner from around the world and have access with everything within the sim card. Most hackers do that so as to protect their cover and not to get near the victim.
Hi!
Thanks for sharing a very useful information that I never knew about. I should be really questioning everyone who calls me from now on, because incidents like this (scams) can happen anywhere at anytime. One time I had a incident like this, received an email saying apple have charged me money because I have purchased an app that I never heard of. I ended up calling them, and accidentally giving them some private informations about myself, but they were asking too private questions so I felt suspicious in them but I ended up sending $100 thorugh etransfer. I know it was a stupid of me to get tricked by them, but as I look back, they taught me a lesson to not trust anyone thorugh internets.
I also thought to myself, I should really strengthen my securities on online accounts like social media, bank accounts, etc. So that when an incident like this do happen to me, they don’t have access to online accounts.
Nice topic!!
This is one of the craziest scams because a guy lost $300,000 from his trading app called Robinhood. His private Information got leaked on the dark web where the hacker used this information to get into his account Without him knowing. They accessed his account by calling the sim card provider. Later he got caught, he was 20yr old student from the University of California-San Diego.
Interesting post! Although I did not encounter a SIM-Card swapping scam in really life, I do realize that it is really important to carefully manage your personal information in your social media account. One should never intend to do harm to others, but should always guard against the harm others might do to him. I would agree that double-authentication is always a good way to prevent scam.
It’s surprising how people manage to find a way to misuse and exploit the things provided to help them. It is great that you pointed this out. I had completely no idea that things like this happen. Nice post!
Great post!
The problem you mentioned is very close to our life. Everyone in the world needs to use sim cards for the cell phone. So this is a security issue that we all cannot avoid scam calls. My friends who have been through this scam often get calls from people pretending to be from the government, police or bank to get them to provide their personal information. I think the solution you proposed is very helpful for us, such as avoiding revealing personal information to everyone and setting different account passwords, which can make our account more secure and private!
Very interesting post! It is very good to know about “SIM Swapping”, especially as an international student using two SIMs at the same time, this poses double the threat. It is really a problem that may affect all of us and it is good to be aware of it in order to be able to react properly if it ever happens to us.
Thank you for sharing this topic. I think phone call verification is no longer as secure as it used to be, because the personal information required for verification can be easily found online, such as name, birthday, address. Phone verification doesn’t even need to compare the photo with the person
Super interesting topic. It really is somewhat of an art form for these hackers! Knowing that they are able to get enough information indirectly from a phone call to take over your sim is all the more chilling. That being said, this would appear to be more of a simple annoyance, since most people could just call their phone provider and confirm that they are still in possession of their phone. I wonder if this scam is truly worth the time and effort for the scammer, since it seems so easy to rectify
Great post!
I totally agree with your points in your blog. That is why I never post my birthday and my parents’ names on social media, because personal account verification questions are always about “What is your birthday?”, “What is your father’s name” and so on. I prefer to use my e-mail account as verification for my personal accounts, because I think e-mail verification is much safer than phone number verification. Also, I prefer to use another e-mail account as verification for my main e-mail account.
I must say this is the first time that I heard and learned about SIM-Card Swapping Scam, this is truly a good way to scam people.
This was a fantastic article! It’s terrifying to think that all a hacker needs to do is come up with a scam call script to hijack a sim card. This also does not take much time; with a few phone calls, they should be able to obtain the information they require. To avoid this, phone companies (and other businesses in general) may need to tighten their authentication procedures.