SIM Swapping | Avoiding the Common Scam Tactic
In the Wild West of the NFTs, there is a constant stream of bad actors looking to take advantage of users in the fast-moving space.
This week was no exception — with Gabriel Leydon, founder of the NFT project DigiDaigaku, falling victim to a common attack called SIM swapping. The hack resulted in a malicious individual gaining access to his Twitter account, phishing the NFT community for significant losses.
The latest tweet from @DigiDaigaku CEO @gabrielleydon leads to a phishing website.— quit.q00t.eth (@0xQuit) November 3, 2022
As usual, the tweet tries to encourage fomo so that you don't properly consider the scenario.
No, villains are not surprise minting. Instead, you've just lost your favorite NFTs. Here's how 1/🧵
What Is SIM Swapping?
Subscriber Identity Module (SIM) cards are how users are identified and authenticated on a cellular network — and are a necessary component of connecting to and using your mobile device. Each card contains personal data, which can often include stored messages, passwords, locations, contacts, etc.
The 'swapping' element of the scam tactic often comes in via social engineering — with hackers convincing a mobile company to port a SIM card to a new device by impersonating a device owner.
Once a card is swapped, bad actors can access personal data, initiate and respond to 2FA (two-factor authentication) and password reset requests, and wreak havoc on the network of an unsuspecting victim.
The method is prevalent and rising — with the FBI issuing a warning in February regarding the surge in SIM swap hacks:
"From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million."
Safety and Security Tips
While there is no bulletproof way to avoid falling victim to a SIM swap (outside of not using a mobile phone), there are several ways to better protect and safeguard your data.
1. Use an Authenticator App for 2FA
While a popular two-factor authentication practice is through SMS (text), receiving important codes in messages can open users up to a host of vulnerabilities.
A safer solution is to use a trusted authenticator app, which provides a code linked to the individual physical device instead of delivered over a mobile network.
2. Change Your PIN
Each SIM Card comes with a default four-digit code, which is used for activation when inserted into a device. Changing away from the default (usually 0123 or 1234) adds an extra layer of security if your mobile phone is stolen.
3. Talk to Your Mobile Carrier
With the surge in SIM swapping, major phone companies have implemented various options to better protect consumers — including blocking SIM changes, number locks, and other additional safety measures.
4. Be Vigilant in Protecting Your Data
In the majority of SIM swaps, hackers will need personal information to gain access to a card via customer service representatives. Some basic security measures include:
- Using a variety of strong passwords
- Avoiding using public or unfamiliar WiFi networks
- Recognizing and preventing common phishing attempts (phone, text, email)
- Utilizing a VPN (a virtual private network) to conceal an IP address from would-be hackers
📲SIM Swaps have been popping up again.— Lucky Trader (@LuckyTraderHQ) November 3, 2022
Help keep yourself safe from scams by changing your default SIM Pin & being proactive.
📲Retweet to help a friend and keep your NFTs safe. pic.twitter.com/gSTh7qEVpz