With SIM swapping, hackers can gain access to texts, emails, contacts, bank accounts, and more. Here's an easy guide on how to protect yourself.
Be Cautious
SIM swapping attacks usually start through social engineering. They might call a phone company pretending to be you, or they might call you directly pretending to be customer support.
Most phone providers won't ask you to give them sensitive information over the phone.
If you're having issues with your account, it's best to head to your local AT&T or T-Mobile and settle it. Or login safely via the web portal.
Be skeptical of any direct emails or texts you may get. Check the sender; phishing emails usually have a unique sending address. The text in the email may be misspelled and have grammar issues.
If you are still unsure, the best practice is to log on to the exchange or access your wallet in a separate tab.
Boost Your Security
You’re probably familiar with multi-factor authentication (MFA) by now. If you sign into an account and it requires a code on an app or text, that’s multi-factor.
When it comes to preventing SIM swaps, try to avoid using texts or emails for MFA if you can.
The best option for MFA is an app like Google Authenticator or Authy. A Yubikey is a great alternative if you want to use a physical form of MFA.
Your phone provider should also have additional security settings to protect you from SIM swapping.
The big three phone providers - AT&T, T-Mobile, and Verizon - all have the option to set up a Number Transfer PIN. You should consider turning this on.
That way, if a hacker tried to access your phone, they would need that PIN to port your number to their SIM card.
Once you've set up this PIN, write it down and store it someplace safe offline.
Isolate Yourself
Handling business on your phone is convenient, but it's a goldmine for hackers.
It's a good idea to keep sensitive information off of your everyday phone and move it to another device.
Whether that is a cheap computer, tablet, or another phone, pick something that's easily accessible and light on resources.
And try not to use it for anything other than things like banking, crypto, etc.
Also, avoid public Wi-Fi on your dedicated device. Public Wi-Fi is usually under-protected due to weak passwords and encryption.
Your confidential information is a lot easier to obtain. Access your funds
from a private connection. If possible, connect to a VPN.
Wrapping Up
Be wary of all questionable emails, calls, and texts. If you want to be sure, log into your account in a separate tab. If the warning is legit, you'll see a notification.
Add MFA to your important accounts. It's better to use an app or physical device for an extra boost.
Contact your phone provider to set up a Number Transfer PIN.
Consider a dedicated machine to isolate your day-to-day phone from important business.
