Protect Your Accounts from SIM-Swap and Port-Out Attacks
There isn’t one type of cyberattack out there, nor is there one point of entry for hackers to target. While attacks commonly occur through computers and internet accounts, your smartphone is an increasingly popular target. In fact, hackers can completely take over your phone number, hijacking your 2FA codes to break into your accounts. The FCC has previously called on
There isn’t one type of cyberattack out there, nor is there one point of entry for hackers to target. While attacks commonly occur through computers and internet accounts, your smartphone is an increasingly popular target. In fact, hackers can completely take over your phone number, hijacking your 2FA codes to break into your accounts.
The FCC has previously called on carriers to improve their security protections for SIM-swap and port-out attacks. While carriers are unlikely to follow suit in a timely fashion, there are steps you can take to reduce your risk of falling victim to these attacks.
What are SIM-swap and port-out attacks?
SIM-swap attacks occur when hackers trick your carrier into putting your number on a new SIM. A port-out attack occurs when hackers created a new carrier account under your name. Both methods allow hackers to receive two-factor authentication codes for any account that uses SMS-based 2FA. They also enable standard logins if you set up your accounts with your phone number, rather than an email address or username. In either case, they can use this authentication to gain access to other personal information and accounts.
This is bad news. Because they have access to your 2FA codes or phone number login, it’s very difficult to prove your identity in this situation. By the time you even notice the problem, bad actors might have combed through your entire digital life.
How to protect yourself from SIM-swap and port-out attacks
Because of how devastating these attacks can be, the FCC wants carriers to use better protections to ensure SIM-swap and port-out attacks cannot happen. Until then, there are steps you can take to prevent these attacks on your own. Set a PIN or password for your account, if your carrier allows you to. You should also use an authenticator app, rather than SMS-based 2FA. That way, hackers won’t be able to access your 2FA codes even if they do take over your number, as all your codes are generated via the app only you can access.
Finally, don’t fall for any communication asking for personal data. Carriers like Verizon will never contact you asking for secret info like your PIN or social security number. If you receive a text or email from your carrier out of the blue, send it to spam. If you’re ever unsure whether a message is really from your carrier, contact them directly to see if they’re trying to reach you.
Share This
