What are the best ways to prevent a SIM swapping attack?


SIM swapping is reportedly on the rise. How do SIM swaps work, and what are the best ways to prevent them?

Mobile phones are often an important part of two-factor authentication (2FA) processes, but, like ordinary single-factor password processes, they carry certain security risks. For devices connected to cellular networks, SIM swaps can open a path for attackers to bypass authentication.

SIM swaps occur when a malicious actor using social engineering techniques convinces a cellphone carrier to switch the target’s phone number to a new device. This can give the attacker access to bank accounts, credit card numbers and other sensitive information when 2FA systems use Short Message Service (SMS) — ordinary text messages — to send authentication codes to victims.

An in-depth report about SIM swaps and their impact was published last year by Brian Krebs, an information security journalist. Krebs found that stealing cryptocurrency was one of the highest-profile types of SIM swap attack. In addition, the same attack could be used to access any 2FA system that relies on SMS authentication codes.

In one example, an attacker executed a SIM swapping attack against a target and was able to steal the target's cryptocurrency. The same attack could be conducted against banks or other financial accounts that rely on SMS for 2FA.

To defend against these attacks, Krebs suggested using an authentication app like Google Authenticator or hardware token-based authentication. If your carrier allows it, using a customer support password may also help.

Given the rise in attacks using SIM swaps, pressuring your cellular carrier to improve its operational security around SIM cards and accounts may also be needed. Migrating away from SMS-based authentication should be considered.
