The dangers of SIM Swapping: How to avoid being a target with Three Simple Tips from Check Point Software

Cyberattacks that can steal personal data are on the rise, as are attacks on organisations through ransomware or malicious emails. Here in India, our Check Point Threat Intelligence Report states that an organization in India is being attacked on average 1783 times per week in the last 6 months, compared to 1645 attacks per organization in APAC, with 89% of the malicious files in India delivered via Email in the last 30 days.

Phishing is set to rise in India with the Indian Computer Emergency Response Team (CERT-In) reporting that the total number of phishing incidents in India has increased from 280 in 2020 to 523 in 2021, with the total number of ransomware attacks increasing from 54 in 2020 to 132 in 2021.

While most people are aware of phishing attacks, very few are alert to the dangers of so-called SIM swapping, whereby cybercriminals get hold of a duplicate of a victim’s mobile SIM card. With a duplicate SIM, they can then circumvent the two-step verification process that protects services like your banking app. The problem is so severe that the FBI issued a warning about SIM swapping and in light of this, Check Point Software Technologies Ltd., a leading provider of cybersecurity solutions globally, has put together three simple tips to avoid becoming a victim.

What is SIM swapping?

SIM swapping happens when a cybercriminal obtains a duplicate of your SIM card. However, in order to do this, they need access to your personal data such as ID, phone number and full name, which they can get hold of using phishing techniques. Then they can simply contact your mobile operator and impersonate you over the phone or internet or even by visiting a physical store.

Once the duplicate SIM has been obtained, the cybercriminal only has to insert the card into a device to access all the information and data of the victim’s account including call logs and message history. From that point on, s/he has complete control and it is easy to access your banking app and steal your money by moving it to another account. Although this would mean using a verification code, don’t forget the attacker has access to your mobile line, so all they have to do is copy and paste the code that was intended for you.

How to stay safe: 

  1. Be careful with personal data: this is the information that cybercriminals need to duplicate your SIM. This is why it’s so important to be careful about the websites you visit. Make sure the site in question is official and that it has all the various security measures in place, such as an encrypted connection. Look out for the padlock symbol in the address bar, which shows that it has a valid security certificate, and that the URL begins with httpS://, if it does not include the final -S://, it could be a risky page.
  2. Be aware of phishing: you need to know the tell-tale signs of a phishing attack to prevent them from gaining access to your personal data. Look out for emails and text messages with spelling mistakes even if you know the sender. Pay close attention to the domain name to make sure it’s genuine. The same applies to strange looking links or attachments. Often, these types of details are signs of a phishing attack. 
  3. Look out for loss of signal: one easy and sure-fire way to find out that there is a duplicate SIM card, is that you will completely lose your mobile signal. This is because you will now have a phone with a SIM card that has no access to a mobile network. As a result, you will no longer be able to make or receive calls and texts. If this happens, you need to contact the authorities and your mobile operator so that they can deactivate the SIM and start the process of recovering your data.

“Cybercriminals are always looking for new ways to steal your data to achieve their goals. It’s important that people are able to spot the signs of an attack. If you’re not aware of these tell-tale clues, you’re putting yourself at higher risk and are more likely to suffer more serious consequences. This could mean having your bank account emptied or you could fall victim to identity theft which would enable the criminal to buy goods and services over the internet in your name,” warns Sundar Balasubramanian, Managing Director, India & SAARC, Check Point Software Technologies.

Leave a Reply

Your email address will not be published. Required fields are marked *