An important aspect of the culture around Bitcoin is the freedom it affords its holders and recipients. Ownership is determined on the public ledger and transactions are basically permanent. But with that freedom comes responsibility – personally, financially and technologically.
It’s not so much on the blockchain itself that investors in cryptocurrency are at risk, but rather in the context of activities such as trading, lending or spending. There are different ways bad actors may attempt to steal your funds or obtain your credentials. These range from phishing websites to more sinister moves such as DNS hijacking or poisoning, often used by nation-state actors for the purpose of spying, and then there is so-called SIM swapping.
What is SIM swapping?
SIM swapping is an attack where your phone number is migrated away from your SIM card or phone to the attacker’s device. Once the hacker controls your number, they will proceed to seek access to your internet accounts – they can achieve this by ‘recovering’ access to an account (usually using a leaked password + SMS 2-Factor Authentication).
How can they get my phone number?
Once the hacker has learned some basic details about you, they may try to call up your phone provider’s customer service and tell some story to convince the other party to assign your phone number to a different SIM card.
How do you know if you’ve been SIM swapped?
- Loss of cell reception, with no way to resolve the issue.
- You may receive notifications that your password has been changed.
- You may receive notifications that you’ve logged in from an unknown device.
Of course, hackers could delete any such notifications before you even see them. The most important thing is prevention, rather than detection.
How likely is it to get hacked like this?
You may not hold many assets in your hot wallet, or you may not think of yourself as someone who is likely to fall victim to this kind of attack. However, the risk-reward ratio for this type of attack – especially if crypto is at stake – is in favor of the hackers. Stealing cryptocurrency is attractive because it will be difficult for the authorities to recover these funds for you or track down the attacker.
The practice of SIM swapping is becoming increasingly common, and despite carriers putting safeguards in place, it is still relatively easy to succeed. Once your phone number is assigned to a new card, all of your incoming calls and text messages will be routed to whatever phone the new SIM card is in.
When you consider that most of us have our phone numbers linked to our bank, email and social media accounts, you quickly begin to see how easy it would be for someone with access to your phone number to take over your entire online presence.
How can you protect yourself against SIM swapping?
- Preferably, don’t enable 2FA linked to your phone number – instead, use something like Google Authenticator.
- Keep your main account (e.g. your Gmail account) extra safe – make sure you are using a strong, unique password, with a backup email account, and if you do link the account to your phone number, then take the following steps:
  - Call your mobile service provider and tell them that you’d like to place a port freeze and SIM lock on your account.
  - Ask them to create an account note requiring you to be in-store with a valid photo ID in order to port or transfer your phone number to a new device.
  - Inquire about other security measures you can enable on your mobile account to prevent unauthorized changes.
  - Ask them to add or enable a PIN to be used when making changes to your account.
But it’s also about protecting your devices:
- Even if you don’t use SMS-based 2-step verification, you should still protect your mobile device by enabling a screen lock.
- Utilize anti-virus protection and scan your device regularly. You should also be updating your virus signatures as often as possible to stay ahead of new threats.
- Keep your web browser and all other software updated with their latest versions.
- Uninstall all questionable or unnecessary pieces of software from your device, especially tools that allow remote access.
- Do not install and use browser plug-ins or add-ons developed by unknown third parties.
- Practice safe web browsing habits and never click on suspicious links or download suspicious programs.
Investing in cryptocurrency is a meaningful way to diversify your portfolio and engage with virtual worlds. But it comes with added responsibility.
Most of us probably opened up our email and social media accounts when we were much younger and unaware of the risks. But the more we integrate our social lives, finances, records and other sensitive information with our internet accounts, the more we need to be conscious about security.
Learn more about how we work to protect your funds and data at AAX.