You simply need to be aware of its mechanics. Scammers use digital viruses, online hacking tools, phishing and social engineering as a way to steal personal information, usually aimed at getting access to your money and the SIM card swap scam is only part of the attack.
You know that many online services, including personal finance apps like iCard, need to send you verification codes by SMS messages so you can confirm your identity at login. This is called Two-factor authentication and is becoming widely adopted due to the ongoing increase in cybercrime. To be precise, the SMS code is the second factor of your security credentials at login.
Getting a code by SMS may seem like an excellent way to be protected before you learn about the scam involved in taking over your phone number and receiving SMS messages on your behalf.
Note 1: Don’t freak out, this scam is very rarely possible.
Note 2: Be aware that iCard, nor any other legitimate account provider, will send any sort of message asking for your password or any other personal information sent back, in this case by SMS.
Now, let’s discover what makes the seemingly impossible into reality.
How exactly does the SIM swap work?
How is it possible that scammers can take over control of your phone number?
The first step is collecting information about the victim. This may involve phishing, spying on your social network activity, looking through your inbox messages or purchasing pieces of personal data on the darknet.
In the next step, the fraudster poses as you when contacting your mobile number provider. Then they verify with your previously collected personal information and request transferring your phone number to a new SIM card in the criminal’s possessions. The usual, and totally normal claim, the old one got lost and I’m travelling abroad, prepared with a backup SIM for cases like this.
Done. Now, all messages and calls are going to the fraudster.
Again, it’s not that easy, so don’t panic and see how to avoid this.
How to stay protected from SIM swap scams?
As usual, you just need to be sharp and pay attention to your surroundings.
If your phone goes out of network coverage, you can’t receive calls or messages, then something is wrong. Restart your phone and see if that fixes the problem. If not, immediately get in contact with your mobile provider AND lock up as much as possible in terms of online accounts – change your passwords, especially for your most precious – your iCard account for example. … and call iCard. Our security is a nitch up – letting you login with a number-based passcode, which would normally differ from your standard passwords including letters, numbers and symbols that you usually use for your online accounts, and which could be leaked in data breaches.
Not all mobile carriers will provide phone number recovery service. If they do, you are encouraged to call them in advance and make them lock this so-called “port a number” option. Depending on your mobile provider’s capabilities, you may either set up a passcode for distant servicing or explicitly request that a SIM porting should only happen if you verify your identity at an office, with your ID card.
With hacking, there is never a foolproof strategy. Staying aware of the mechanics that protect your money is essential.