sim-jacking

SIM Jacking can empty your bank account with a single phone call!

SIM jacking is also commonly referred to as “SIM-swapping,” ‘SIM porting,’ ‘port out fraud,’ ‘phone porting,’ and ‘sim hijacking’ is the ‘New’ crime on the cyberspace and it’s taking down victims one by one with the perpetrators getting better and elusive everyday.

The mobile phone fraud scam has jumped up in popularity over the past couple of years, and there’s very little to stop you from becoming a victim.

So what are we talking about here? let me just briefly describe ‘sim jacking’ aka ‘sim swapping!’

Sim-jacking is an attack in which your phone number is migrated away from your SIM card / phone to a different SIM card / phone that an attacker controls. The attacker then uses this access to your phone number, usually via text message, to gain access to your other internet accounts. They do this by “recovering” access to an account (e.g., Google) or in conjunction with other information or access they have (e.g., using a previously leaked password + SMS 2FA).

Technology has been a real godsend for fraudsters. 

… scammers can simply transfer your phone number to a new SIM card and gain access to every penny in your name!

SIM-jacking differs from other forms of hacking in that it doesn’t require any technical know-how; all you need is a conman’s skills of persuasion and a basic grasp of identity-theft. This is perhaps why it’s growing at such a rapid rate, with incidents increasing exponentially everyday.

Considering just almost all of Kenya’s population now use mobile banking/money, there’s obviously an ever-growing pool of targets for SIM-jackers to prey on – but experts say the crime also appears to have been fueled by the increased use of crypto-currency.

One of the reasons SIM-swap attacks are so effective is that many mobile phone carrier representatives are easy to socially engineer,an attacker can call your phone provider, pretend to be you and spin some story to get the support agent to transfer your number to a SIM. If he runs into any friction, he can hang up and try again with another agent.

Given that your network provider is unlikely to be your best form of defence against SIM-jackers, is there any way to ensure you don’t fall victim to the crime? 

The answer would remain to being vigilant and paying attention to your phone acting weirdly. you may also consider against using some apps in case you suspect your SIM is swapped, your account maybe compromised.

If you do end up the victim of a SIM-jacking attack and your phone is cut off or you are contacted by the perpetrator directly, not all is lost. The outcome of the pickle in which you find yourself really depends on where you are and the time of day. The first thing to do would be to contact your cell phone carrier right away. If they offer 24/7 customer support you should be able to quickly explain the problem and learn whether or not the attacker made additional account changes that might prevent you from regaining control. It will likely take the attacker a good deal of time to go from assuming control of your phone to taking over email and social media accounts. You should try to log into your accounts from a computer in the meantime to maintain control. If you’re unable to log into your email account or any other account for that matter, then you’d have to reach out to that provider’s support for further options.

Considering network operators often tout themselves and their products as making life more convenient for consumers, it’s unlikely they want their customers to have to roll back on the convenience they’ve become accustomed to. But until they devise some stricter security protocols to curb SIM-jacking before it becomes even more popular, they’re not giving us a lot of choice.

As you can tell, SIM-jacking attacks shouldn’t be taken lightly, and they can ultimately cost you a lot of time and money. The best way to avoid falling victim to them is to proactively secure your cell phone account with the most stringent security settings offered by your carrier, and by maintaining proper security hygiene across all of your online accounts in general. A good starting point would be to audit your security posture across your entire digital life and identify where you need to improve. Set strong, unique passwords for each respective account, enable multi-factor authentication wherever possible, be on your guard for suspicious emails and phone calls that could be phishing attempts, and avoid sharing too many personal details on social media. While SIM-jacking is an emerging and formidable threat, it’s just one example of the many types of online attacks you can prevent using these security best practices.

follow

Peter Kivuti

Lead Concept Developer at KayTouch Solutions
Data Modelling, Design & Development
Peter Kivuti
follow