Burglars no longer need to mug you on a street corner for your credit cards or cash. Much of today's theft happens online, and the criminals behind it are more capable than ever. With a little preparation, an attacker can drain a bank account remotely and get past the mobile security features your bank relies on. One of the newer techniques needs nothing more than a replacement SIM card and some basic personal information scraped from public social media profiles. It is known as the SIM swap scam.
A SIM card is "a smart card inside a mobile phone, carrying an identification number unique to the owner, storing personal data, and preventing operation if removed". In practice, a SIM is a small secure chip that holds your subscriber identity and the secret key your phone uses to authenticate to a carrier's network, such as Verizon Wireless or T-Mobile. It is not a hard drive; what matters is that whichever SIM the carrier has associated with your number receives your calls and text messages.
Two Step Verification
Most banks prompt users to enable, or simply require, two-step verification. When your account is accessed from an unfamiliar location or device, you are asked to re-verify with security questions or a confirmation code sent by email or text message. This second step has been treated as a foolproof defense that stopped scams in the past; not anymore. Attackers have adapted to it, and the weakness they exploit is that a code sent by text message proves only that someone controls the phone number, not that it is you holding the phone.
Step 1: Hacking a Person's Email
It starts with your email. Providers like Gmail or Yahoo let users set security questions at signup so that a forgotten password can be recovered later. The questions are usually basic: "What was the name of your high school?" or "What was your first dog's name?" Attackers know that people post far too much personal information on platforms like Facebook and Instagram, so they use it to breach the first line of defense, your email account.
In a hypothetical scenario, an attacker browses Facebook, finds a profile listing a public email address, and clicks the forgot-password link at the corresponding provider (Gmail, Yahoo, etc.). A set of security questions follows. Using the details you posted on your own Facebook page, the attacker answers them correctly and resets your password. He also knows your cell phone number, because that is on your profile too, and a carrier lookup on the number (the block the number was originally assigned from is a hint, although number portability makes it unreliable on its own) tells him your provider is Verizon Wireless.
Step 2: Hacking a Person's SIM Card
Now that the attacker is in your email account, he sees notifications from Bank of America. He will use that later; first he needs control of your phone number. Since he knows your carrier, he calls Verizon Wireless, claims he has lost his phone, and asks to activate a new SIM card. After a few short security questions, answered with the same public details, and a confirmation email that lands in the mailbox he already controls, the carrier moves your number onto his SIM. Your own SIM goes dead, and the attacker now receives every call and text sent to the number you have used for the past 10 years. Spooky.
Step 3: The Bank Drain
At this point the attacker has bypassed every control at Gmail and Verizon Wireless using nothing but public information you provided. Now he installs the Bank of America app and signs in, resetting the password through your email if he has to. The two-step verification prompt is no obstacle: the confirmation code is sent by text message, and text messages to your number now arrive on his phone. After that, he is in your bank account and sets up transfers of everything in it to accounts he controls.
An experienced attacker can run the whole chain in under 10 minutes.
Depending on your bank, the money is usually reimbursed; the attacker, however, still has what he stole and walks away from the whole thing unscathed.
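The three steps above reduce to a single trust decision: the bank treats "knows the code we texted to this number" as "is the customer", and the carrier decides which SIM the number points at. The following Python model is an added example, not code from this article or from any bank or carrier; the Carrier and Bank classes are hypothetical stand-ins, the phone number, ICCIDs and the fixed SMS code are constructed for the walkthrough, and the TOTP secret and timestamp are the RFC 6238 test vector. It replays steps 2 and 3 against the toy bank, then shows two things the article implies but does not spell out: a bank that refuses SMS codes for a number whose SIM changed in the last day stops the attack at step 3, and an authenticator-app code (RFC 6238 TOTP) never crosses the carrier at all, so the swap gains the attacker nothing.

```python
"""Toy model of the trust chain behind SMS second factors, with RFC 6238 TOTP
as the contrast.  Added example for this article, not code from it; the
Carrier and Bank classes are hypothetical stand-ins, not any real API."""
import hashlib
import hmac
import secrets
import struct


class Carrier:
    """Maps phone numbers to the SIM (ICCID) currently serving them and delivers
    SMS to whichever SIM holds the number.  Records when a number last moved."""

    def __init__(self):
        self.number_to_sim = {}   # phone number -> ICCID
        self.inbox = {}           # ICCID -> list of SMS texts
        self.last_swap = {}       # phone number -> unix time of last SIM change

    def activate(self, number, iccid, now):
        # Step 2 of the article: the rep moves the number onto a new SIM.
        if number in self.number_to_sim:
            self.last_swap[number] = now
        self.number_to_sim[number] = iccid
        self.inbox.setdefault(iccid, [])

    def send_sms(self, number, text):
        self.inbox[self.number_to_sim[number]].append(text)

    def read_sms(self, iccid):
        return list(self.inbox.get(iccid, []))

    def sim_changed_within(self, number, seconds, now):
        # Hypothetical "SIM swap check": has the number moved in the last window?
        return number in self.last_swap and now - self.last_swap[number] < seconds


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Bank:
    """Second-factor check after a correct password.  SMS mode trusts whoever
    holds the phone number today; TOTP mode trusts whoever holds the secret
    enrolled on the customer's authenticator, which never crosses the carrier."""

    def __init__(self, carrier, phone, totp_secret, otp_gen=None):
        self.carrier = carrier
        self.phone = phone
        self.totp_secret = totp_secret
        self.otp_gen = otp_gen or (lambda: f"{secrets.randbelow(10 ** 6):06d}")
        self.pending = None

    def start_sms_login(self):
        self.pending = self.otp_gen()
        self.carrier.send_sms(self.phone, f"Your code is {self.pending}")

    def finish_sms_login(self, code, now, swap_window=0):
        # swap_window > 0 adds the check a bank could make before trusting SMS:
        # refuse the code if the number's SIM changed recently.
        if self.carrier.sim_changed_within(self.phone, swap_window, now):
            return False
        return self.pending is not None and hmac.compare_digest(code, self.pending)

    def totp_login(self, code, now):
        return hmac.compare_digest(code, totp(self.totp_secret, now))


def run_attack(swap_window=0):
    """Replays the article's steps 2 and 3 against the toy bank and returns
    (attacker passes SMS check, attacker passes TOTP check, victim passes TOTP)."""
    now = 1111111109                       # RFC 6238 test time; TOTP is "081804"
    secret = b"12345678901234567890"       # RFC 6238 test secret (constructed)
    number, victim_sim, attacker_sim = "+15550100", "ICCID-victim", "ICCID-attacker"

    carrier = Carrier()
    carrier.activate(number, victim_sim, now - 10 * 365 * 86400)
    # Fixed code so the walkthrough is reproducible; a real bank draws it at random.
    bank = Bank(carrier, number, secret, otp_gen=lambda: "271828")

    carrier.activate(number, attacker_sim, now)               # the SIM swap
    bank.start_sms_login()                                    # attacker has the password
    stolen = carrier.read_sms(attacker_sim)[-1].split()[-1]   # code lands on his SIM
    attacker_sms = bank.finish_sms_login(stolen, now, swap_window)

    attacker_totp = bank.totp_login(stolen, now)              # all he has is the SMS
    victim_totp = bank.totp_login(totp(secret, now), now)     # authenticator app
    return attacker_sms, attacker_totp, victim_totp


if __name__ == "__main__":
    print("plain SMS 2FA:   ", run_attack())
    print("SMS + swap check:", run_attack(swap_window=24 * 3600))
```

Running it prints `(True, False, True)` for plain SMS verification and `(False, False, True)` once the swap check is on: the attacker passes the SMS step only because the carrier now routes the code to him, the victim's authenticator still works even though the victim's own SIM is dead, and the recent-swap check is the one signal in the chain that the attack itself creates.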
Scary, scary stuff.
- Keep personal details off public social media profiles: no phone number, no email address, and no school, pet or family names that could answer a security question.
- Take your security questions seriously: use random, made-up answers that not even your own family could guess, and keep them in a password manager.
- Ask your carrier to put a port-out or account PIN on your line, so that a caller cannot move your number to a new SIM by answering security questions alone.
- Where your bank or email provider offers it, use an authenticator app or a hardware security key instead of text-message codes.
- Stay alert: check your bank accounts regularly for unusual activity, and if your phone suddenly loses service for no reason, contact your carrier and your bank immediately, then the local authorities.