Cyberattacks that can steal personal data are on the rise. While most people are aware of phishing attacks, very few are alert to the dangers of so-called SIM swapping, whereby cybercriminals get hold of a duplicate of a victim’s mobile SIM card. With a duplicate SIM, they can then circumvent the two-step verification process that protects services like your banking app. The problem is so severe that the FBI issued a warning about SIM swapping and in light of this, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has put together three simple tips to avoid becoming a victim.
What is SIM swapping?
SIM swapping happens when a cybercriminal obtains a duplicate of your SIM card. However, in order to do this, they need access to your personal data such as ID, phone number and full name, which they can get hold of using phishing techniques. Then they can simply contact your mobile operator and impersonate you over the phone or internet or even by visiting a physical store.
Once the duplicate SIM has been obtained, the cybercriminal only has to insert the card into a device to access all the information and data of the victim’s account including call logs and message history. From that point on, s/he has complete control and it is easy to access your banking app and steal your money by moving it to another account. Although this would mean using a verification code, don’t forget the attacker has access to your mobile line, so all they have to do is copy and paste the code that was intended for you.
How to stay safe:
Be careful with personal data: This is the information that cybercriminals need to duplicate your SIM. This is why it’s so important to be careful about the websites you visit. Make sure the site in question is official and that it has all the various security measures in place, such as an encrypted connection. Look out for the padlock symbol in the address bar, which shows that it has a valid security certificate, and that the URL begins with httpS://, if it does not include the final -S://, it could be a risky page.
Be aware of phishing: You need to know the tell-tale signs of a phishing attack to prevent them from gaining access to your personal data. Look out for emails and text messages with spelling mistakes even if you know the sender. Pay close attention to the domain name to make sure it’s genuine. The same applies to strange looking links or attachments. Often, these types of details are signs of a phishing attack.
Look out for loss of signal: One easy and sure-fire way to find out that there is a duplicate SIM card, is that you will completely lose your mobile signal. This is because you will now have a phone with a SIM card that has no access to a mobile network. As a result, you will no longer be able to make or receive calls and texts. If this happens, you need to contact the authorities and your mobile operator so that they can deactivate the SIM and start the process of recovering your data.
"Cybercriminals are always looking for new ways to steal your data to achieve their goals. It’s important that people are able to spot the signs of an attack. If you’re not aware of these tell-tale clues, you’re putting yourself at higher risk and are more likely to suffer more serious consequences. This could mean having your bank account emptied or you could fall victim to identity theft which would enable the criminal to buy goods and services over the internet in your name," warns Teong Eng Guan, Regional Director, Southeast Asia and Korea at Check Point Software.