Tuesday, 13 October 2020

How to prevent SIM Swap Fraud? Know Everything

Here are 7 tips to help you prevent SIM swap fraud. In a SIM swap, an attacker persuades your mobile carrier to move your phone number onto a SIM card they control, so your calls and text messages, including SMS two-factor codes and password-reset links, go to them instead of you.



1. Put a PIN or passcode on your carrier account and on your SIM card

With a PIN or passcode on your carrier account, the attacker has to know it before the carrier will transfer your number or change anything on the account. When they call in and the customer service rep says "you have a passcode on your account, what is it?", they are stuck unless they already know it.


This does not always work. An insider at the carrier can bypass it, and a customer service rep who just wants to get the caller off the phone, or just wants to be helpful, may try to clue the caller in to what the passcode is. That is not something customer service reps should do, but it happens, so treat the passcode as one layer rather than a guarantee.


2. Answer security questions securely


The same goes for security questions. Many companies use security questions to authenticate you, for example your mother's maiden name, your first car or the name of your first pet. The true answers are often public or easy to find, so I suggest using weird, genuinely strong answers for these, or disabling them altogether if you can. Treat each answer like a password: make it unrelated to the question, use a different one for each company, and keep them in a password manager rather than relying on memory.


For example, if I was talking to customer service and they asked for my mother's maiden name, my answer (this is not my real answer) would be something like a favorite verse from one of my favorite songs: "a scrub is a guy that thinks he's fly, can't get no love from me". Obviously that is not my mother's maiden name, but it is also not something that can be looked up or easily guessed, unless an attacker somehow knew what my favorite verse from my favorite song was.


3. Upgrade your 2FA


Not every company you do business with online offers good two-factor authentication options. You should still turn on 2FA even if text-message codes are all they have, because it is better than a password alone, but if they offer something better, such as an app-based token or a hardware token, switch to that immediately. SMS codes are exactly what a SIM swap captures.


With app-based 2FA, the service gives you a secret once, usually by scanning a QR code into an authenticator app installed on your phone from the App Store or Google Play. From then on the app computes a fresh code every 30 seconds from that secret and the current time; nothing is sent to you over the network. The secret lives on the device, not on your phone number, so an attacker who takes over your number gets nothing from it. Keep the backup codes the service gives you at setup, since losing the phone otherwise locks you out.


There are many free, readily available authenticator apps to choose from, available for both iOS and Android, including Google Authenticator and Authy; I prefer Google Authenticator.


Fortunately, because of SIM swapping, many companies have started taking this more seriously and now offer app-based or hardware tokens as an option. App-based 2FA is a really excellent option; if you want to go a step further, use a hardware token (a FIDO2/U2F security key). A security key also checks the website's origin before it answers, so it cannot be tricked by the fake login pages described in tip 5.


4. Make a note of your PII (personally identifiable information)


Make a note, offline or mentally, of all the data a company might use to authenticate you, which is the same data an attacker could use to authenticate as you with that company.


That includes your date of birth, any credit cards associated with the account, the physical, mailing or billing address on the account, your name, screen name and the email addresses associated with the account, your security answers and any PIN codes: basically any information that could be used against you. Once you know what each company asks for, you know which details to keep off social media and away from anyone who phones you, and which accounts share the same weak factors.


5. Be aware of phishing scams


Phishing scams happen over email all the time; I have had phishing scams sent to me. Attackers send emotionally charged messages designed to make you click a link and log in to a page that looks like the real thing for a brand such as your mobile carrier but is in fact a website they created, so they can steal your username or email address, your password and your 2FA code. A code from an authenticator app can be phished the same way if you type it into the fake page and the attacker relays it to the real site within the 30-second window; only a hardware security key, which is bound to the genuine site's origin, resists this. Reach your carrier's site by typing the address or using a bookmark, never from a link in a message.
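As an added example (not part of the original post), the following script applies the checks a practitioner would run on a suspicious carrier email: it extracts every link, flags hosts that are not the brand's real domain, flags look-alike hosts that merely contain the brand name, and flags links whose visible text shows one address while the href points somewhere else. The brand "ExampleMobile", its domain examplemobile.com and the email body are all constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical carrier brand and its genuine domain (assumptions for the demo).
BRAND = "examplemobile"
LEGIT_DOMAINS = {"examplemobile.com"}

# Constructed sample message body imitating a carrier lock-out notice.
SAMPLE_EMAIL_HTML = """
<p>Your ExampleMobile account has been locked. Verify within 24 hours.</p>
<p><a href="http://examplemobile-secure-login.com/verify">https://www.examplemobile.com/account</a></p>
<p><a href="https://www.examplemobile.com/help">Help center</a></p>
<p><a href="https://examplemobile.com.account-verify.net/login">Log in now</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: production code should use the
    Public Suffix List so that names like example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(href: str, text: str) -> list:
    """Return the reasons a link looks like a lure; an empty list means nothing flagged."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        reasons.append("not https")
    if registrable_domain(host) not in LEGIT_DOMAINS:
        if BRAND in host:
            # e.g. examplemobile.com.account-verify.net: the brand appears as a subdomain
            # of a domain the attacker controls.
            reasons.append(f"brand name in look-alike host {host}")
        else:
            reasons.append(f"host {host} is not a known brand domain")
    # Visible text that is itself a URL must point at the same site as the href.
    shown = urlparse(text if "://" in text else "")
    if shown.hostname and registrable_domain(shown.hostname) != registrable_domain(host):
        reasons.append(f"displayed URL {shown.hostname} differs from target {host}")
    return reasons


def audit_links(html: str) -> list:
    """Return [(href, reasons), ...] for every link in the message body."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [(href, classify_link(href, text)) for href, text in extractor.links]


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL_HTML):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}")
        for reason in reasons:
            print(f"           - {reason}")
```

The third link is the one people miss by eye: the real domain starts after the brand name, so examplemobile.com.account-verify.net belongs to whoever registered account-verify.net, which is why the check works on the registrable domain rather than on whether the brand string appears anywhere in the host.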


6. Upgrade to encrypted texting


SMS is not end-to-end encrypted; that is my sixth tip. Because SMS is not encrypted on its own, you will often want to use an encrypted platform such as Signal, WhatsApp or iMessage for your own messaging (keeping in mind that iMessage falls back to plain SMS when the other person is not on iMessage).

All of these are third-party services that let you send text messages back and forth, and the messages are end-to-end encrypted, so someone snooping on your traffic or on the carrier network would see only gibberish rather than plain text. One caveat: this protects conversations between you and your contacts. It does not change how a company delivers a 2FA code to you; if the company sends codes by SMS, they still arrive as plain SMS to your phone number, and a SIM swapper still receives them. The fix for that is tip 3. Also, Signal and WhatsApp register accounts by phone number, so turn on Signal's Registration Lock or WhatsApp's two-step verification PIN; otherwise an attacker holding your number can re-register your account as theirs.

The core problem here is something we have not fixed as a society: we treat phone numbers as part of your identity and allow them to authenticate you. Because we tie our phone numbers to our identity, that opens us up to these attacks, and it is especially bad if your phone number is widely accessible or shared with a lot of people.


7. Switch to Google Voice for 2FA codes


Use a separate Google Voice number only for two-factor authentication codes and for platforms that simply will not let you set up an account without a phone number. That way, even though they are associating my identity with a phone number, nobody else knows that number, which means you are a little more protected. A Google Voice number is a VoIP number that lives in your Google account rather than on a carrier SIM, so it cannot be taken over by talking a carrier rep into a SIM swap; the flip side is that it is only as secure as the Google account that holds it, so protect that account with app-based or hardware 2FA and do not make your carrier number that account's recovery phone. Note that Google Voice is only offered in some countries and that some services refuse VoIP numbers for verification.

Google Voice is free and does not require a phone; you can set it up to deliver messages to your computer.

One thing not to do is forward Google Voice text messages or calls to your actual carrier phone number, because if somebody stole that number they would also receive the forwarded messages and calls. I don't forward anything over; I just keep it completely separate.
