SIM swaps are the easiest criminal hacks in the crypto community today. The mechanics require few technical skills and little to no coding knowledge, and a criminal could make off with large crypto funds.

One such incident happened when someone compromised a crypto trader's Coinbase credentials using a SIM swap attack and stole $7,300 worth of Ethereum. The trader, Dan Tiberi, said Coinbase sent him an unsolicited notification that confirmed a password change. Several minutes later, Tiberi could not send a message or make a call from his T-Mobile device. Suspecting foul play, Tiberi quickly blocked the transaction, but Coinbase covered the cost of the transaction from his other crypto holdings, including Litecoin, ChainLink and Bitcoin.


What is a Sim-Swap?

A sim swap is an online identity hack where hackers take control of a person’s mobile phone number and use the number to gain access to online profiles, bank accounts and crypto wallets. 

The Federal Bureau of Investigation recorded 1,600+ SIM swap complaints in the U.S. The total loss amounted to $68 million for the year 2021. In only 2 years, the complaints had risen by 400%, an indication that SIM swapping was growing in popularity.

According to Hugh Brooks, Director of Security Operations at Certik, telecommunications providers must move away from SMS-based 2-factor authentication to reduce cases of SIM swap attacks. While the number of cases is low, experts believe the numbers will surge in the future.


Therefore, the director has urged cyber security specialists to upgrade their security standards. This is because the Web 3.0 industry is growing at a rapid pace, and the low technical requirements for executing a sim swap could continue haunting the crypto community. 

Most importantly, Coinbase losing funds belonging to nearly 6,000 customers in 2021 as a result of sim swap hacks is enough reason to upgrade telecommunications security. 

How Easy is it to Perform a Sim Swap Attack?

The Certik Director mentioned that a SIM swap hack can be successful using information already available in the public domain, for example personal details that any computer specialist can obtain using social engineering skills and phishing. According to the director, SIM swapping is more attractive to hackers of all levels because it needs less technical coding skill.


Exchange exploits and smart contracts require a high-level understanding of logic, mathematics and coding, which makes them difficult in terms of time, resources and knowledge. However, it would be very easy for an experienced cyber criminal to penetrate crypto wallets using sim swap attacks. 

SlowMist’s development team also agreed with Certik’s remarks. The team noted that SIM swaps will increase in prevalence across Web 3.0 despite being more popular in Web 2.0. 

After evaluating the prevalence of SIM swap attacks, our team noticed entry-level cyber criminals were executing SIM swaps with ease using social engineering. Through social engineering, these cyber criminals can deceive not only crypto users but also crypto platform security support personnel.

Preventing SIM Swap Attacks? 

Users must remain careful about the information they make public when using online platforms. Some of this information could make them vulnerable to SIM swap attacks. Experts advise users to remain cautious and restrict the usage of SIM-based two-factor authentication.

For this reason, users should not rely on SMS authentication but rather take advantage of applications such as Authy, 2FA and Google Authenticator, as well as crypto user education programs. Cybercrime investigators also recommended the implementation of multifactor authentication measures like combining strong passwords with multifactor authentication, additional passwords and enhanced email verification. Experts have also recommended the establishment of strong PINs and passwords that leverage a mix of alphanumerics, symbols and nouns.


Other ways to protect yourself from SIM swapping include protecting personal details like addresses, full names, ID numbers, emails and dates of birth. For this reason, crypto users need to scrutinize their online profiles in case any of their info is public. In addition, online platforms need to act responsibly when handling 2-factor authentication. For example, platforms must request additional details before validating changes to account information, and must educate users about any risks concerning SIM swaps. Furthermore, online platforms and cryptocurrency exchanges need to educate users about the risks of sharing personal details and the increasingly prevalent risk of SIM swapping.

The Responsibility of Platforms

Certainly, platforms can play a crucial role in preventing SIM swap attacks by implementing various security measures, educating users about the risks associated with SIM swapping, and requiring additional verification before allowing changes to account information.


Here’s a breakdown of each point:

Security Measures

Two-factor authentication (2FA)

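Platforms should strongly encourage or require users to enable 2FA on their accounts. This adds an extra layer of security by requiring a second form of verification, such as a one-time code sent to the user's email or mobile device. As noted above, a code delivered by SMS is the factor a SIM swap hands to the attacker, so an authenticator application is the stronger choice for the mobile-device option.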

Biometric Authentication

Implementing biometric authentication options, such as fingerprint or facial recognition, can enhance security and make it more difficult for attackers to gain unauthorized access.

Geolocation Tracking

Platforms can track the geographic location of login attempts and flag suspicious activity if login requests suddenly originate from a different location.

User Behavior Analysis

Employ algorithms to analyze user behaviour patterns and detect any unusual or suspicious account activity.

Educating Users

SIM Swap Awareness Campaigns

Platforms should conduct awareness campaigns to educate users about the risks of SIM swapping, how it works, and how to protect themselves.

Security Guidelines

Provide users with clear guidelines on how to secure their accounts, including instructions on setting strong passwords, enabling 2FA, and recognizing phishing attempts.

Email and In-App Notifications

Send regular reminders and notifications to users about the importance of account security and the potential threats they may face.

The Responsibility of Platforms: Additional Verification

Multi-Step Verification

Platforms should require multiple forms of verification before allowing changes to account information, such as SIM card changes, phone number updates, or password resets. This could include verifying the user’s identity via email, SMS, security questions, or biometrics.

Delay on Changes

Implement a delay between the request for changes and the actual changes taking effect. This gives users time to detect and report unauthorized changes before they can cause harm.

Notification Alerts

Send notifications to the user’s verified contact information (email or secondary phone number) whenever there is a change to their account settings, providing them with the opportunity to verify or dispute the change.
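
The three controls above (multi-step verification, a delay on changes, and notification alerts) can be combined in one change-request workflow. The sketch below is an added example, not code from any platform named in the article; the 48-hour hold, the factor labels (`password`, `totp`, `email_link`, `sms`) and all function names are assumptions. Following the article's advice not to rely on SMS, it does not count SIM-bound factors toward verification.

```python
from dataclasses import dataclass, field

HOLD_SECONDS = 48 * 3600            # assumed cooling-off period, not from the article
SIM_BOUND = {"sms", "voice_call"}   # factors a SIM swap hands to the attacker
SENSITIVE = {"phone_number", "password", "withdrawal_address"}

@dataclass
class Account:
    verified_email: str             # contact verified before any change request
    settings: dict
    pending: list = field(default_factory=list)
    outbox: list = field(default_factory=list)   # stands in for a real mail sender

def request_change(acct, setting, new_value, factors, now):
    """Queue a sensitive change. Returns 'applied', 'pending' or 'rejected'."""
    if setting not in SENSITIVE:
        acct.settings[setting] = new_value
        return "applied"
    # Multi-step verification: two factors, none of them tied to the phone number.
    if len(set(factors) - SIM_BOUND) < 2:
        return "rejected"
    # Delay on changes: record when the change may take effect.
    acct.pending.append({"setting": setting, "value": new_value,
                         "effective_at": now + HOLD_SECONDS, "disputed": False})
    # Notification alert: goes to the contact already on file, never the new value.
    acct.outbox.append((acct.verified_email, f"{setting} change requested"))
    return "pending"

def dispute(acct, setting):
    """Owner reports the change as unauthorized during the hold."""
    for change in acct.pending:
        if change["setting"] == setting:
            change["disputed"] = True

def apply_due(acct, now):
    """Apply undisputed changes whose hold has expired; drop disputed ones."""
    applied, waiting = [], []
    for change in acct.pending:
        if change["disputed"]:
            continue
        if now >= change["effective_at"]:
            acct.settings[change["setting"]] = change["value"]
            applied.append(change["setting"])
        else:
            waiting.append(change)
    acct.pending = waiting
    return applied

if __name__ == "__main__":
    acct = Account("owner@example.test", {"phone_number": "+1-555-0100"})  # constructed
    print(request_change(acct, "phone_number", "+1-555-0199", ["password", "sms"], 0))
```
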

Platforms have a responsibility to protect their users from SIM swap attacks by implementing robust security measures, raising awareness about the risks, and requiring additional verification for sensitive account changes. By taking these proactive steps, platforms can significantly reduce the likelihood of successful SIM swap attacks and enhance overall user security.


Conclusion

Personal data protection in the age of online security

In today’s digital age, safeguarding our online accounts from threats like SIM swap attacks is of paramount importance. Platforms, such as social media sites, email services, and financial institutions, bear a significant responsibility in this endeavour. They can contribute to preventing SIM swap attacks by implementing robust security measures like two-factor authentication (2FA), biometric authentication, and user behaviour analysis. Moreover, platforms should actively engage in educating their users about the risks associated with SIM swapping and provide clear guidelines on securing their accounts. 


Requiring additional verification steps before allowing changes to account information is another vital step platforms can take. However, it’s essential to stress that user diligence remains a linchpin in the fight against SIM swap attacks. Users must play an active role by enabling security features, setting strong passwords, and being vigilant against phishing attempts. Regular monitoring of their accounts for suspicious activities and reporting unauthorised changes promptly are crucial! In this collaborative effort between platforms and users, a safer online environment can be achieved, but still stay careful out there, hodlers!
