SIM Hijacking Explained and Conquered

You probably think you are safe since you have set up two-factor authentication on your financial accounts, right? After all, you need “something you know” (your password) plus “something you have” (a PIN that gets texted to your cell phone) to log into your account. Sounds secure enough, doesn’t it? There is no way that someone could randomly guess the PIN, but what if hackers found a way to route your text messages to themselves instead of to your device? That is exactly what happens with SIM hijacking, and you should be informed enough to help prevent it from happening. Keep reading to discover what SIM hijacking is and what you can do to protect yourself from becoming a victim.

What Is SIM Hijacking?

The SIM card in your cell phone contains all the user data that your wireless carrier needs to send calls, texts, and data to your device. Your SIM card allows your phone to register with the wireless network so that your carrier knows who you are and how to reach you when someone attempts to call or text. Your information is unique, so when someone calls your number, your phone is the only one that rings. That sounds easy enough, but what if someone found a way to get your information onto their SIM card so that they were receiving your calls and texts?

You may be wondering how that could possibly happen. Imagine this scenario. A hacker calls your wireless carrier impersonating you and tells the carrier that they have lost their SIM card or would like to activate a new device. Your carrier will typically ask some basic questions for account verification. They will usually ask things like your address, date of birth, and maybe even the last four digits of your social security number. Unfortunately, most of these items are extremely easy to find on the web. It is entirely possible that even the last four digits of your SSN have been sold on the dark web, so the hacker is able to verify the account with the carrier.

Upon account verification, the wireless carrier will register the new (hacker’s) SIM card with your information. Now, all your calls and texts are going to the hacker’s device instead of to your phone. This can be extremely dangerous because most two-factor authentication systems are set up to use SMS text messages as the second factor. The hacker can now log into your financial systems, receive the PIN via text to complete login, and wreak havoc on your money or credit. While this absolutely seems like a scary situation, there are some things you can do to help prevent this from happening.

SIM Hijacking Prevention

One of the first things you can do is to beware of phishing scams. If hackers cannot get access to your personal information such as the last four of your SSN, your account passwords, or other information, then it will be very difficult for them to do any real damage to your account. Never click on suspicious links or share information with anyone unless you verify their identify prior to sharing.

Next, make sure you boost the security on your wireless account as much as possible. Be sure to use a password that is extremely strong and not something that you use on other accounts. It also goes without saying that we strongly recommend avoiding using public wi-fi networks — even using the hotspot on your smartphone is much more secure than a public wi-fi. 

Ask your wireless carrier if you can setup a PIN to access your account that is not the last four digits of your social. If you set this number and only you know it, then it will be nearly impossible for a hacker to gain access to your account.

Finally, keep an eye on the warning signs and act immediately if you notice anything suspicious. If you notice that you can no longer receive texts or calls, then contact your wireless carrier immediately. This could be a sign that another SIM card has been activated with your information. Also, watch your emails closely. Most wireless carriers and financial institutions will send you an email confirmation of account changes or logins from new devices. If you get a message like this, you should act quickly to regain control of your account before any major damage is done.

While SIM hijacking is scary and becoming more popular, it does not have to keep you up at night if you take the proper precautions. Make sure you have strong passwords and PINs in place to protect your accounts and consider using something other than SMS to verify your two-factor authentication. Keep an eye out for warning signs and act immediately if you notice anything out of the ordinary. If you’re ready to dive deeper into security, make sure to register for our FREE security awareness webinars!  

Hackers are becoming more and more creative with ways to scam people, but you can keep yourself from becoming a victim by following the tips laid out above and having a reliable managed service provider on your side.