You’ve taken steps to safeguard your accounts, like using a unique password and setting up alerts on your phone. However, a thief could still easily bypass these measures by stealing your phone number, which is now becoming a prevalent tactic.
What’s SIM jacking?
Known as SIM jacking, this attack involves transferring your phone number to a SIM card controlled by the hacker. With your number in hand, they can gain access to your bank accounts and other services that rely on phone verification without needing your password. This makes it simple for them to reset passwords and take over your accounts.
In this new approach to SIM swapping, attackers exploit leaked, stolen, or guessed passwords to transfer your number to their phone’s eSIM using a QR code feature meant for easy phone switching. This method makes the theft less complicated, especially since embedded SIMs are common in modern phones and work with all major carriers.
Previously, a successful SIM swap required physical access to a store or social engineering to convince an employee to facilitate the transfer. The new method bypasses these steps, making it more convenient for attackers.
You’ll immediately notice if you’re a victim of SIM jacking when your phone loses service because it’s no longer linked to your account.
How do I protect myself from SIM jacking?
To defend against SIM jacking, use a strong, unique password for your mobile account and set up two-factor authentication if possible. Adding a PIN for account changes can also help. Strengthen the security of your important accounts with complex passwords, enable 2FA options where available, and secure the associated email accounts.
Consider using a second phone number for SMS-based 2FA to avoid potential risks. Switching to providers that offer robust 2FA can also enhance your security. Improving your password practices and implementing stronger 2FA methods can significantly reduce the risk of SIM jacking.
For additional protection, consider using a second cell line on a cheaper plan or a Google Voice number. However, be aware that not all services support Google Voice numbers for SMS 2FA due to potential fraud concerns.
By strengthening your password practices and implementing robust 2FA measures, you can enhance your overall security. If you need assistance with password management or understanding 2FA options, refer to our guides for recommendations and solutions.