SIM-jacking has been around for a while now, but it reached a new level of public prominence when it claimed Jack Dorsey (the founder and CEO of Twitter) as a victim. The perpetrators took over Dorsey’s own Twitter account and, while the result was probably very embarrassing for Dorsey, the action at least raised awareness of SIM-jacking.
SIM-jacking is exactly what its name suggests. It’s when criminals take control of your SIM card.
There are two main ways of achieving this. One is to use social-engineering tactics to get an individual’s details and then have their network provider port their number onto another SIM card in the criminal’s possession. The other is to use malware and/or what are called USSD attacks to take control of the phone in which the SIM card is held.
SIM-jacking attacks are targeted attacks, which means that the consequences are felt by individuals rather than large groups of people. In other words, for the present at least, it’s hard to see how a SIM-jacking attack could lead to the sort of mass carnage caused by the WannaCry attack of 2017.
At an individual level, however, the consequences of a SIM-jacking attack can be devastating. What’s more, in the UK at least, they could be about to get a whole lot worse, because banks are switching from using card readers to sending text messages to customers’ phones to confirm identity.
While this is definitely more convenient and probably better for the environment (because it eliminates the need for card readers), it also increases the payoff for compromising smartphones via SIM-jacking or by any other means.
By the time you’ve spotted that you’ve become a victim of a SIM-jacking attack, your identity will already have been compromised. While you may be able to put that right (eventually), doing so will probably involve a lot of hassle and possibly some expense, so it arguably makes a whole lot of sense to avoid falling victim to it in the first place. Prevention is always better than a cure, as we know.
Step number one to avoid a SIM-jacking attack is to make sure you have a decent antivirus on your phone (ideally on all your mobile devices). You should have done this already but, if you haven’t, the big names in antivirus products are AVG, Comodo and Norton (by Symantec) and they all offer a range of products at various price points so you should find something to suit you.
Secondly, make sure that you properly secure your account with your network provider. How you go about this depends on the security options they support, but you can protect yourself by using a specific and secure email address for that account, making sure that any passwords you use are both strong and unique, and keeping your memorable data completely secure.