Be on guard against cryptocurrency heists using the chiseler’s technique called “SIM swap,” which is to break in into online accounts of the target individuals to steal their crypto assets.
All data breaches are not good, but they come in different degrees of bad.
A hacker from the dark web asserted to have acquired 100 million data from the service of T-Mobile and has auctioned off some of it for $286,000, equivalent to 6 Bitcoin.
The accumulated data from the SIM swap doesn’t just include names, phone numbers, and addresses, but also sensitive information like driver’s license information, social security numbers, IMEI number, and distinctive identifiers that are tied up to their mobile device.
SIM swap attacks have run havoc these past years, and this previous data breach that T-Mobile vouchsafed was used to execute them. But first and foremost, let’s dive into what a SIM swap attack is.
SIM Swap Attacks
A Subscriber Identity Module (SIM) card is a pluggable constituent of mobile phones, inserted through a phone carrier like AT&T.
SIM cards connect the phone to an associated phone number and a customer. Because the card itself is removable, it can be inserted into another phone, or even the data it contains is transferable to another SIM card. The latter is where hackers come in.
A SIM swap occurs when a hacker acquires the information in your SIM card and transfer it from your phone to theirs. This mostly happens through phone theft, but it can also be done remotely.
To execute a SIM swap remotely, the hacker will either go to the physical shop of your phone carrier and put on a false front pretending to be you or call them up remotely. These bad actors might also have gathered information about you from a separate hack or have a partner in crime within the company itself.
After the hacker persuaded your carrier’s customer support to allow the transfer on your SIM card, they will have dominance over your phone number, having access to every message and calls you will receive. As well as to the applications downloaded on your phones such as Facebook, Instagram, and even financial applications.
Cryptocurrency and SIM Swap
We often hear the phrase “use two-factor authentication” to protect your cryptocurrencies, however, although it could be a help, even 2FA won’t be able to give you a 100% layer of protection against SIM swap.
If a spammer has come into possession of the username and password of your cryptocurrency account(s), they would still not be able to access it because of the additional security that two-factor authentication offers.
It would be necessary for the hackers to authenticate the log-on attempt through an email code, message code, or even phone call. However, because of the SIM swap attack, they could receive the code to open the account and take over your cryptocurrencies.
Even one of the biggest carrier mobile networks in the US, AT&T has been sued for a data breach after a SIM swap that led to a cryptocurrency heist that costs about $1.8 million.
To your worst luck, once hackers get a hold of your funds, it will be almost impossible for you to retrieve them.
So, if you own a cryptocurrency, especially if it is publicized that you do, make sure to protect your crypto assets by adding extra layers of protection and precautions.
Limit Information Shared Online
The Federal Trade Commission (FTC) suggests that people hold in check the amount of information they share online.
You should never reply to text messages, calls, and emails that ask demands you to give details of your personal information. These are most like phishing attacks that hackers could use to obtain sensitive data like credit card and social security number information.
By providing vital information like your full name, phone number, and address on public sites, hackers are given much data to execute their heist.
Use Strong and Unique Passwords
Use a unique password that is almost impossible to guess, containing no less than 12 characters to protect your phone’s online account. Make sure to change them regularly.
Adding security questions that even your closest friend and family wouldn’t guess will be a good move.
Remember, passwords are your baseline protection. Once the hacker acquires it, and you’re adopting it to all of your accounts, then your accounts are at high risk of getting compromised.
Add a Secret Code or Pin
Even if the hacker already has a lot of your information, if they don’t crack the secret code or pin, they will not be able to move forward to their plan.
Just as you can put two-factor authentication on your social media and financial accounts, 2FA in emails are also possible. So, you need to put 2FA to your email, giving you a quadruple layer of protection.
It would be better if you will connect your parent’s email, your dad’s, cousin’s, or anyone you trust in your email account’s authentication.
Generally speaking, email addresses that are connected to your social media and financial accounts are so important. Yet, it is so easy for hackers to access them.
If you visit the website Have I Been Pwned, you will be able to see the data breaches that took place in your email account in the past. The hackers could take advantage of this breach information to get into your email.
Most often than not, people use almost the same account password that they used with their emails. For instance, you’ve signed up to a site called Animal Jam, and it suffered a data breach including your password.
Hackers could log in to your email account through their gathered data if you are using the same one just as your Animal Jam account.
Ensure that before hackers could completely execute their SIM swapping scheme, there will be an email confirmation that will be sent before switching it over. If they don’t have access to your email, their action will be futile.
Face/Touch ID Authentication
Face, or fingerprint authentication is not available, but you must make use of these two-factor biometrics whenever possible.
If you have such a feature, make sure that you set up facial recognition or fingerprint reader as a requirement to log in. Remember, even hackers who acquired your phone number through a SIM swap will never be able to imitate your biometric data.
Hardware Wallets
The best and well-proven way to protect your cryptocurrencies against hackers is by using a hardware wallet.
The digital currencies themselves can never be stores inside the hardware wallet. They will always be tied within the blockchain ecosystem. So, people have thought of ways on how to secure cryptocurrency away from hackers.
A hardware wallet offers strong security and utility for cryptocurrencies by providing a small USB-like device that puts the private keys offline. This provides tight security against online attacks on the owner’s crypto holdings.
The primary job of the hardware wallet is to keep the private key, serving as a lock to close and open the blockchain address where the cryptocurrencies actually reside.
Hardware wallets like Trezor and Ledger can be connected to MetaMask, which you can use to participate in DeFi. There are quite a lot of cryptocurrency wallets to choose from aside from the two mentioned.
