SIM Swapping | Avoiding the Common Scam Tactic

In the Wild West of NFTs, there is a constant stream of bad actors looking to take advantage of users in the fast-moving space.

This week was no exception — with Gabriel Leydon, founder of the NFT project DigiDaigaku, falling victim to a common attack called SIM swapping. The hack resulted in a malicious individual gaining access to his Twitter account, phishing the NFT community for significant losses. 

What Is SIM Swapping? 

Subscriber Identity Module (SIM) cards are how users are identified and authenticated on a cellular network — and are a necessary component of connecting to and using your mobile device. Each card contains personal data, which can often include stored messages, passwords, locations, contacts, etc. 

The 'swapping' element of the scam tactic often comes in via social engineering — with hackers convincing a mobile company to port a SIM card to a new device by impersonating a device owner. 

Once a card is swapped, bad actors can access personal data, initiate and respond to 2FA (two-factor authentication) and password reset requests, and wreak havoc on the network of an unsuspecting victim.

The method is prevalent and rising — with the FBI issuing a warning in February regarding the surge in SIM swap hacks:

"From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million."

Safety and Security Tips

While there is no bulletproof way to avoid falling victim to a SIM swap (outside of not using a mobile phone), there are several ways to better protect and safeguard your data.

1. Use an Authenticator App for 2FA

While a popular two-factor authentication practice is through SMS (text), receiving important codes in messages can open users up to a host of vulnerabilities.

A safer solution is to use a trusted authenticator app, which provides a code linked to the individual physical device instead of one delivered over a mobile network.

2. Change Your PIN

Each SIM card comes with a default four-digit code, which is used for activation when inserted into a device. Changing away from the default (usually 0123 or 1234) adds an extra layer of security if your mobile phone is stolen.

Learn the process for manually changing your PIN on Apple or Android.

3. Talk to Your Mobile Carrier

With the surge in SIM swapping, major phone companies have implemented various options to better protect consumers — including blocking SIM changes, number locks, and other additional safety measures. 

4. Be Vigilant in Protecting Your Data

In the majority of SIM swaps, hackers will need personal information to gain access to a card via customer service representatives. Some basic security measures include:

  • Using a variety of strong passwords
  • Avoiding using public or unfamiliar WiFi networks
  • Recognizing and preventing common phishing attempts (phone, text, email)
  • Utilizing a VPN (a virtual private network) to conceal an IP address from would-be hackers

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.