How to Protect Your Phone From SIM Swaps

The risk of a SIM-swap hack is one of the main reasons crypto holders take off their crypto from exchanges and other hot wallets to cold storage whenever possible. Over the years, cryptocurrency holders have suffered under the ruthless thumb of SIM swap hackers losing billions as a result. One of the biggest cases of hackers stealing huge sums of crypto through SIM-swapping was reported in 2018 when Mr. Terpin (an early Bitcoin investor) lost $24 million worth of crypto through a SIM-swap hack. The attackers comprised a group of 25 hackers called “OG Users” who in total stole $80 million in digital assets by defrauding victims via phishing attacks and other methods.

At its core, a SIM-swapping attack is when hackers use false identification documents to port a victim’s phone number to a second phone number they control. The hacker then intercepts the victim’s messages and takes over the two-factor authentication codes to access the victim’s account and obtain private keys from the victim’s wallet. While a SIM-swap attack can happen if the attacker steals your phone and removes the SIM card, in most cases the attack is done remotely.

For crypto holders, SIM-swapping, SIM splitting or SIM-jacking is one of the most serious attacks and should be prevented by using recommended cold storage options and reliable 2FA authentication methods. In this article, we will walk you through ways of protecting your crypto holdings from SIM-swap attackers and how to identify a SIM swap attack before it happens.

What is a cell phone SIM swap and how does it work?

A SIM card simply refers to a Subscriber Identity Module card that is used by a cell phone network provider to identify the user. For example, a cell phone carrier such as Verizon or AT&T will link the chip on your phone to your identity using the associated phone number. In essence, the card itself can be removed and the data transferred to another card.

During a SIM-swap attack, the hacker transfers the information on your SIM to a SIM they control. In most instances, the hacker will call your phone carrier (AT&T, Verizon, or so forth) and pose as you to authorize the SIM swap.

How they access your personal information

To pose as you, the hacker needs your personal information and this can be obtained through various means. According to experts at Efani (a phone service company) hackers can use some aspects of social engineering and phishing attacks to get access to your personal information. In other cases, they can buy personal information on the dark web or scrape it from social media sites. Since two-factor authentication (2FA) through your phone uses SMS messages that require the service provider to generate a one-time password (OTP), the hacker goes for the SIM swap attack as it’s the key to your login credentials.

Other methods include:

SIM cloning

This is where an attacker, using a special cloning device, will duplicate your SIM card in as little as 10 minutes. This method requires physical access to your phone. Once the original SIM has been cloned successfully, the hacker will disconnect your SIM (the original SIM) and bypass all your security procedures.

SIM splitting or porting

SIM Splitting works by adding a second SIM card to the same mobile number. This method is achieved when a hacker finds valuable personal information about the victim then calls the network provider and persuades the network provider to authorize the SIM port process. While SIM cloning requires physical access to your phone, SIM splitting requires access to your cell phone network provider. In most cases, hackers will research their victims and gather valuable personally identifying information that can be used to bypass security questions.

In other cases, the hacker might have an insider at the phone carrier company who will conduct the SIM-swap for a bribe or a cut of the funds. This is why it is important to check your phone carrier’s privacy policy and guidelines for SIM swapping to a new phone. Once the SIM split is successful, the hacker will receive all your texts and calls. They might also reset your previous passwords making it difficult for the original owner to access or restore accounts and applications.

Cross MNO SIM porting

Network technology advancements have made it possible for mobile network providers to allow subscribers to maintain their phone numbers while switching from one network to the other. However, using similar methods as in SIM-splitting, a hacker can sign up to a new mobile network provider using stolen credentials (e.g. ID number, Social security number, etc.) to convince your network provider to port your SIM card’s number to a new network on a device they control.

Remote SIM splitting

According to network security experts at Efani, a more recent SIM Splitting trend involves the use of social engineering techniques where hackers convince mobile network operators to provide remote access to their desktop. Hackers then get direct access to the tools required to perform a SIM split.

Early signs of a SIM-swap attack

One of the early warning signs of a SIM swap attack is unrecognized social media activity. The victim might also be unable to bank accounts linked to the phone number. This is one of the early signs since the hacker moves quickly to your bank accounts and social media accounts to capture your personal information and steal your credentials.

Another early sign is an inability to receive or place calls or text messages. When the hacker succeeds to swap your SIM, the hacker proceeds to deactivate your SIM. You might also receive an email from your cell phone network provider alerting you that your phone number has been activated on another device.

How to protect yourself from a SIM-swap attack

Crypto enthusiasts love cryptocurrencies for the pseudonymity, low transaction fees, and the overall instantaneous and frictionless nature of most top cryptocurrencies. Unfortunately, hackers also love crypto for these same reasons as they make breaking into a wallet and getting away with your coins much easier. While it is easy to assume that hackers only target high-profile Bitcoin investors, the volatile nature of crypto makes it such that anyone can be a high-profile target especially in a bullish market where huge profits are made.

So how do you protect yourself from SIM-swap attacks?

Use stronger two-factor authentication

While getting your two-factor authentication codes over SMS is convenient, it leaves you vulnerable to SIM swap attacks. Security is better than convenience and that is why it is advisable to use a 2FA authentication app instead.

You can use Google authenticator or Authy instead of an SMS-based 2FA. An app-based 2FA is a better option because the app is tied to your device and not to your phone number. Therefore, even if you lost your phone number to a SIM swap attack, the hacker will be unable to access your accounts without a secret word phrase protecting your 2FAcodes.

Here is a step-by-step guide on how to set up your Google Authenticator.

Step 1: You can download the Google Authenticator app on your phone (both Android and IoS) to prevent hackers from calling your phone network carrier and stealing your credentials. Once installed the app will prompt you to begin the setup process.

Step 2: Next, set up two-step verification on the google account you are using to download the app by going under the security and sign-in section of your Gmail account. Then select “two-step verification” and select the “Authenticator app.”

Step 3: Now, select the phone you are using to receive the authenticator codes.

Step 4: Then open the Google Authenticator app you downloaded earlier and tap the plus button at the top left of your screen to add new 2FAs to the app.

Step 5: The app will prompt with an option of either scanning a barcode or manually entering a set-up key to complete verification. If you are securing a hot wallet with the Google Authenticator app, head over to the wallet’s dashboard and check the security settings to see whether you have the option of using a 2FA app. For instance, if you want to secure your Binance or Coinbase account with 2FA using Google Authenticator, the interface gives you a variety of 2FA options.

Choose 2FA with Google authenticator and manually enter the set-up key or scan the QR code to begin receiving timely 6 digit codes for that account.

Step 6: You are now set up and ready to go. Be sure to save the set-up key separately in offline storage either on a piece of paper or on a backup drive to restore your 2FA in case you lose your phone or delete the app by mistake. Saving a copy of the set-up key will allow you to easily restore your 2FA upon installing a new Google Authenticator.

Using multifactor authentication

Another alternative you have to protect your crypto holdings from attackers is through the use of Multifactor Authentication.

While setting up a 2FA app like Google authenticator or Authy can be helpful, this strategy is not bulletproof. A hacker targeting your wallet can set up a fake domain and site to your account and have you hand in all your credentials to a fake website as you log in.

This is why Multifactor authentication (an authentication process that requires multiple methods of identity verification) is crucial. MFA can include military-grade systems that include your manner of walking, the normal time of day when you normally log in, and even your biometrics.

The best approach here is to discuss with your current operator the options you have for beefing up security. Efani, for instance, offers guaranteed solutions against SIM-swap attacks with the help of military-grade protection for their clients.

Limit sharing online

It is also important to keep your crypto account separate and detached from your other account.  This is because, in some cases, a hacker can circumvent your two-factor verification and steal your credentials. Limiting the amount of personal information you share online can also help prevent attacks. Most fraudsters use social media profiles and other websites to gather information that can be used for impersonation.

Set up strong passwords

Another layer of protection that can go a long way towards protecting your crypto holdings is a strong password. Make sure that you have a separate PIN and Password for your crypto holdings and that the password and pin are strong enough to survive a hack. You can create a strong password by using long and randomized characters combined in a unique way to create a strong password. You can also add question and answer requirements for login with answers only you know.

Do not respond to malicious emails or texts

Beware of responding to emails, calls, and texts that require your immediate action. In most cases, hackers will send their victims messages asking for personal information. If you follow suspicious links on emails and text messages, you might fall victim to a phishing attack that can lure you to give up your login credentials.

What action can you take if attacked?

So now that you are well educated on the early signs of a SIM-swap hack and how to prevent it, what actions can you take in case you fall victim to an attack? Well, first, you should contact your network carrier immediately and inform them of the suspicious activity on your account. If you are vigilant enough, it is likely you might catch the hacker right before they execute the hack. Let your phone network carrier know that you are not initiating the SIM swap or are not planning to activate a secondary SIM card.

In the case of crypto, you can quickly log in to the hot wallet where you have your funds and freeze withdrawals while you can. If you have your crypto stored with a third-party custodian, get to know some of the security features on offer that can help you prevent the attack.

While it’s easy to assume that any hardware wallet will be secure for your cryptocurrencies, security experts at Efani suggest testing a variety of wallets while using a password manager. For instance, you can use a Yubikey or multiple Yubikeys with a password manager.