The US Federal Trade Commission (FTC) is warning people about SIM swapping attacks that aim to assign the phone number of a victim to a SIM card controlled by the attacker. The threat actor can subsequently use this phone number to obtain access to email and other user accounts of the victim that are linked to the phone number.
SIM swapping attacks usually occur in one of three ways: The threat actor bribes or blackmails a mobile store staff member; the threat actor is a (former) mobile store employee with the access needed to carry out the swap; or the attacker is a (former) mobile store employee who manipulates colleagues into performing the swap. The FTC warns that “armed with your login credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts,” adding that “they could change the passwords and lock you out of your accounts.”
The FTC provides the following four tips that people should follow to avoid falling victim to SIM swapping:
- Don’t reply to calls, emails, or text messages that request personal information.
- Limit the personal information you share online.
- Set up a PIN or password on your cellular account.
- Consider using stronger authentication on accounts with sensitive personal or financial information.
Read more: FTC Issues Guidance On Protecting Against SIM Swap Attacks