
By Robert Descôteaux, Manager, System Administrator at ITCloud
SIM card fraud, also known as “SIM swaps” or “SIM transfer,” is a hacking technique that, although it has been around for several years, is still relevant. Here’s what it is and how you can protect yourself from it.
What Is SIM Swapping?
With the rise of multi-factor authentication (MFA), smartphones have become a critical part of an organization’s and individuals’ cybersecurity risk management strategy. One of the most common methods for implementing multi-factor authentication is to send a one-time code to a smartphone via SMS.
SIM swap attacks pose a serious threat to SMS-based multi-factor authentication systems and mobile safety, especially with the growth of remote work and Bring Your Own Device (BYOD) policies. By stealing a user’s phone number, an attacker gains access to a trusted part of a user’s identity.
What happens when SIM swap is successful?
Once the attacker has control of the number, they can begin changing passwords for online accounts to lock the real user out of their banking profiles, then transfer funds, sell cryptocurrencies, and compromise social media accounts, medical records, and other privileged data.
Information: Using an authenticator app, such as Microsoft Authenticator, associates verification directly with your mobile device rather than your cell number.
How to protect yourself from it?
Changing your SIM card PIN is an important security measure to protect your phone and personal data. Here are some reasons why it is recommended to change your SIM card’s default PIN:
- Secure access to your SIM card:
The default PIN code is often set to “1234” or another equally easy-to-guess code, so malicious people can guess it very easily. By changing it, you add a layer of security that prevents anyone with access to your phone from manipulating or using your SIM card.
- Protecting your personal information:
The PIN prevents someone from changing your SIM card settings, such as locking the card, or using services like call forwarding or changing your data plan. This helps protect your sensitive information if your phone is lost or stolen.
- Reduce risks in the event of theft or loss:
If your phone is stolen or lost, a PIN on the SIM card prevents the attacker from using your SIM card on another device, limiting access to your calls, messages, and other mobile services associated with your number.
- Avoid unauthorized SIM card change:
If someone gains access to your phone, they could potentially change the SIM card. A hard-to-guess PIN makes this much more difficult and deters “SIM swapping” attacks, where a fraudster transfers your number to a new SIM card.
- Protect your banking and two-factor authentication services:
Many services use your phone number for verification processes, such as sending 2FA (two-factor authentication) codes via SMS. Changing your SIM card PIN can help protect these services by making unauthorized access harder.
In summary, changing your SIM card PIN code helps strengthen the security of your phone and protect your personal data against risks related to loss, theft, or malicious attacks.
Tip: Consider ditching SMS-based multi-factor authentication for your online apps and services. Instead, use a security key or an app like Microsoft Authenticator.
Set Up Two-Factor Authentication Using Authenticator Apps
Two-factor authentication is always a good idea. However, in the case of SIM swapping, the most secure way to access authentication codes is to use authentication apps, rather than codes sent via email or SMS.
It’s also a good idea to add extra security measures to authentication apps, such as protecting them with a PIN, fingerprint, or face ID. Choose PINs that aren’t associated with birthdays, anniversaries, or addresses. Choose a random assortment of numbers.
Beware of Phishing Attempts
Cybercriminals often use phishing to fuel their identity theft attempts. Phishing is a method used by cybercriminals to obtain sensitive personal information that they can use to impersonate you or gain access to your financial accounts.
Phishing emails, text messages, and phone calls often use fear, excitement, or a sense of urgency to trick people into giving up valuable information, such as Social Security numbers, dates of birth, passwords, and PINs.
Be wary of messages from people and organizations you don’t know. Even if the sender looks familiar, there may be typos in the sender’s name, logo, and throughout the message, which is a good sign that you should delete the message immediately.
Never click on links in suspicious messages.
SIM Card Lock
Do not try to guess your SIM card PIN. Guessing incorrectly can permanently block your SIM or eSIM card, which means you will need a new SIM or eSIM card.
Warning: remember that if you enter the PIN incorrectly more than 3 times, it will be locked. The phone will only be able to make emergency calls. Contact your cellular provider to have it unlocked. If you enter the PIN incorrectly 10 times, it will be locked permanently, and you will have to buy a new SIM card.
PUK (Personal Unblocking Key)
Let’s start with the end. A PUK (Personal Unblocking Key) is a security code used in the world of mobile phones. It allows you to unblock a SIM card when it has been locked after several incorrect attempts to enter the PIN (Personal Identification Number) code.
Here’s how it works
- The PIN code is a 4-digit code that the user must enter to access their phone.
- If the user enters the PIN code incorrectly several times (usually three times), the SIM card is locked. Only emergency calls remain accessible.
- To unlock the SIM card, the user must enter the PUK code, which is provided by the mobile phone operator. In Canada, you must contact your operator for support and possibly a new PUK code.

Example of a locked SIM card asking for the PUK code. When the phone is locked, only emergency calls are accessible. It is important not to enter an incorrect PUK code too many times (usually ten times), as this could result in the SIM card being permanently blocked.
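The lockout behaviour described above, modelled as a small state machine (an added example, not code from the article or from any SIM vendor). The class and function names are hypothetical, the retry limits are the ones the article gives, and resetting both counters after a correct PUK is an assumption of this model.

```python
import hmac
from dataclasses import dataclass

PIN_TRIES = 3    # page: the SIM locks after three wrong PINs
PUK_TRIES = 10   # page: ten wrong PUKs block the card for good
DEFAULT_PINS = ("1234", "1111")  # carrier defaults listed on this page


@dataclass
class SimCard:
    """Toy model of the PIN/PUK retry counters; not a real SIM API."""
    pin: str
    puk: str
    pin_left: int = PIN_TRIES
    puk_left: int = PUK_TRIES

    @property
    def state(self) -> str:
        if self.puk_left == 0:
            return "PERMANENTLY_BLOCKED"
        return "READY" if self.pin_left > 0 else "PUK_REQUIRED"

    def verify_pin(self, attempt: str) -> bool:
        if self.state != "READY":
            return False  # locked: even the correct PIN is refused
        if hmac.compare_digest(attempt.encode(), self.pin.encode()):
            self.pin_left = PIN_TRIES  # a correct entry resets the counter
            return True
        self.pin_left -= 1
        return False

    def unblock(self, puk_attempt: str, new_pin: str) -> bool:
        if self.state != "PUK_REQUIRED" or not (new_pin.isdigit() and len(new_pin) == 4):
            return False  # wrong state or malformed PIN: no PUK try consumed
        if hmac.compare_digest(puk_attempt.encode(), self.puk.encode()):
            self.pin, self.pin_left, self.puk_left = new_pin, PIN_TRIES, PUK_TRIES
            return True
        self.puk_left -= 1
        return False


def survives_default_guesses(card: SimCard) -> bool:
    """True if entering the listed default PINs fails to unlock the card."""
    return not any(card.verify_pin(guess) for guess in DEFAULT_PINS)


if __name__ == "__main__":
    print(survives_default_guesses(SimCard(pin="1234", puk="00000000")))  # constructed values
```

A card left on its default PIN is unlocked within the three allowed tries, while a changed PIN leaves the same guesses one step away from locking the card.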
SIM Card PIN
Adding a PIN to your SIM card is usually done through your phone’s security settings. By default, this code is often disabled and set to 1234.
Below are the most common SIM card lock codes, depending on your mobile service provider.
AT&T: 1111
Bell: 1234 (or 1111)
Koodo: 1234
Rogers: 1234
Telus: 1234
Verizon: 1111
Vidéotron: 1234
When will you be asked for your PIN code?
You will be asked for your SIM card PIN in the following situations:
- When you want to make changes to your SIM card.
Enable or disable PIN to lock access to the SIM card
On an Android mobile device
Please note that the navigation path may be different depending on the model.
1. Open your device’s “Settings” and tap “Security and emergency.”
2. Then tap on “More security settings.”
3. Select “SIM card security.”
4. Then enable the “Lock SIM card” option.
5. Enter your SIM card PIN code and press “OK.” By default, the PIN code should be 1234.
6. Once SIM card lock is enabled, tap “Change SIM PIN” to change the PIN.
If you want to disable the SIM card lock, tap the “SIM card lock” option again (the slider will turn grey).

On an iPhone mobile device
If you have an iPhone with a single SIM or eSIM card:
- Open the “Settings” application, then tap “Cellular Network.”
- Select “PIN code” for the SIM card. If you have multiple SIM cards, choose the one you want to protect.
- Activate the PIN code for your SIM card.
- Validate by tapping “Done.”

Conclusion
By applying a PIN to your SIM card, you add a vital layer of security to protect your data and identity from threats such as SIM swapping. This simple but effective measure makes unauthorized access to your personal information harder, while providing additional protection in the event of theft or fraud.
By taking extra precautions and remaining vigilant to potential risks, you can further secure your phone and sensitive data. Protecting your identity starts with simple but crucial actions, such as activating a SIM code, to ensure your information remains in safe hands.
And remember, training and educating your customers is easier than having to deal with a data breach once it has occurred.