generated from OWASP/www-projectchapter-example
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Create SIM_swapping_prevention_guidelines.md --------- Co-authored-by: Rick M <[email protected]>
1 parent 207fc77, commit adfe355
Showing 1 changed file with 42 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
--- | ||
layout: col-sidebar | ||
title: "SIM Swapping Prevention Guidelines" | ||
author: "Prakhar-Shankar" | ||
contributors: ["kingthorin"] | ||
tags: ["control", "SIM Swapping"] | ||
|
||
--- | ||
|
||
{% include writers.html %} | ||
|
||
## What is SIM swapping? | ||
|
||
SIM swapping, also known as SIM jacking or SIM hijacking, represents a method of identity theft in which a perpetrator illicitly acquires possession of your mobile phone number by reassigning it to a fresh SIM card. Subsequently, this new SIM card can be inserted into an alternative device, affording the wrongdoer access to your various accounts, thereby enabling substantial harm to be inflicted. | ||
|
||
## How does SIM swapping happen? | ||
|
||
The SIM swapping scam involves someone maliciously assuming your identity and contacting your mobile carrier. They claim they need to activate a new SIM card due to phone loss or other reasons. To deceive the carrier, the scammer faces a crucial moment when identity verification is needed, often requiring disclosure of your account's PIN, security questions, or the last digits of your social security number. Once they convince the carrier, they transfer your phone number to their SIM card, disconnecting it from your device. | ||
|
||
With this setup, the scammer proceeds to reset account passwords across various services, taking control of two-factor authentication messages sent to your phone. This illicit access extends to important accounts like email, digital payments, social media, and online shopping. The complexity of this scam highlights the vulnerabilities in our digital lives, emphasizing the need for strong security measures to safeguard personal information. | ||
|
||
## How to prevent SIM swap fraud? | ||
|
||
Fortunately, there exist effective measures that both you and your service providers can take to prevent falling victim to SIM swap fraud. | ||
|
||
* **Online Vigilance:** Be cautious of phishing emails and other tactics employed by attackers to gain access to your personal information, which they may then use to convince your bank or cellphone carrier of their identity. Refrain from clicking on links in emails from unfamiliar sources. Keep in mind that reputable entities like your bank, cable provider, or credit card company will never solicit your personal or financial details via email. | ||
|
||
* **Account Security:** Strengthen the security of your cellphone account by implementing a robust and distinct password, alongside well-crafted security questions and answers that only you would know. | ||
|
||
* **PIN Codes:** If your cellphone provider permits, consider setting a separate passcode or PIN specifically for your communications. This extra layer of security can provide heightened protection. | ||
|
||
* **IDs:** Relying solely on your phone number for security and identity verification is unwise. This includes text messaging (SMS), which lacks encryption. | ||
|
||
* **Authentication Apps:** Utilize an authentication app like Google Authenticator, which employs two-factor authentication but links to your physical device instead of your phone number. | ||
|
||
* **Collaborative Alerts:** Explore the possibility of your banks and mobile carriers working together to share knowledge about SIM swap activities. They can implement user alerts and additional checks when reissuing SIM cards. | ||
|
||
* **Behavioral Analysis Technology:** Banks can employ technology to analyze customer behavior, helping them detect compromised devices and issuing warnings against sending SMS passwords. | ||
|
||
* **Call-Backs:** Certain organizations conduct call-backs to verify the identity of customers and to detect and prevent identity theft. | ||
|
||
SIM swapping underscores the vulnerability of using a phone number as a sole identifier. It can be breached. To bolster security, consider adding multiple layers of protection to safeguard your accounts and preserve your identity. |
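Review bot: The **Account Security** bullet recommends "well-crafted security questions and answers that only you would know" as a defence, but the "How does SIM swapping happen?" section earlier in the same file lists security questions among the checks the scammer gets past at the carrier, so the page recommends a control it has just described being defeated. Suggest rewording that bullet to lead with the distinct password and the carrier PIN from the following bullet, and to say that security-question answers must not be derivable from public or phishable information. In the **IDs** bullet, "which lacks encryption" is not the reason SMS fails in this scenario: the second paragraph of the "How" section already explains that after the swap the two-factor messages are delivered to the attacker's SIM, and the bullet should give that reason instead. The **Behavioral Analysis Technology** bullet's "issuing warnings against sending SMS passwords" does not say who is warned or about what, and should be reworded. The **Authentication Apps** bullet names a single product; describing the mechanism (a code generator bound to the device) and giving the product as one example would age better. The file also cites no references for its recommendations, which a guidance page like this one should carry.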