SIM Swapping is Back but Justice Prevails


We wrote about the dangers of “SIM Swapping” back in September of 2018, and now the term is making headlines again. This time the story has a somewhat happy ending: the suspect faces a potential five-year prison sentence and a hefty fine for altering the SIM card data of customers. Let’s quickly review what SIM swapping is and how it can happen.

SIM swapping, also known as SIM jacking, is a cybercrime where someone steals your phone number by transferring it to a SIM card they control. This lets them receive your calls, texts, and other personal data. Attackers often use social engineering to trick your cell phone carrier into making the swap, but in this case, the culprit had insider access.

Here, the suspect isn’t some shadowy hacker in a basement, but a 42-year-old store manager at an unnamed telecom company. He used his managerial powers to swap customer SIM cards with devices controlled by another individual. This little switcheroo gave the accomplice control over the victims’ phones and access to their entire digital lives—email, social media, even their cryptocurrency accounts. The deceitful store manager got $1,000 per SIM swap, paid in Bitcoin, naturally.

But here’s the kicker: there’s not much you, the average phone user, could have done to prevent this hack. However, there are ways to minimize the damage from a SIM swap attack.

Protecting Yourself:

  • Ditch SMS: Use authentication apps (Google Authenticator, Duo) or hardware tokens instead of SMS for two-factor authentication.

  • Be alert: If your phone loses signal, contact your carrier immediately using a trusted number.

  • Monitor Accounts: Check for suspicious activity and change passwords if compromised.

  • Report and Block: Report the attack to your carrier to cut off the attacker’s access.

  • Knowledge is the best defense. Take your FIT 2024 mandatory cybersecurity training today. The training is 30 minutes long, and you can stop and start the training as many times as you need until it is completed. This training will help you learn ways to defend against attacks like these. You have until the end of the spring semester to complete this training. 
    Start your training now. 

This case highlights the importance of strong authentication methods beyond SMS. By staying vigilant and taking precautions, you can make it harder for criminals to exploit your phone number.

 

 
About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
