Welcome to #WeekendWisdom number 70. This week we’re going to talk about SIM swapping.
SMS text as Two Factor Authentication is better than nothing, but is at risk
Regular fans of this video series will know that I’ve talked about two factor authentication as a great way of securing online accounts. This is because you’re adding a second factor to your authentication, on top of a password. One way to get that second factor is a code that is sent to you by text message, and a lot of online services provide this facility.
But you will also have heard me mention that the text message may not be quite as secure as, say, using an authenticator app or a security key. The reason for this is SIM swapping.
What is SIM Swapping?
What occurs here is that criminals will find out that a person uses text messaging as the second factor of authentication for payment services or banking services. They will then con somebody, either in a mobile phone shop, on the phone, or online with a mobile phone provider’s support personnel, into issuing a new SIM for that person’s number but sending that SIM to them.
Once they activate the SIM, the proper person’s phone will go dead. The criminals will now receive the second factor codes sent by text message, and they will start making payments as fast as they can.
How do you protect yourself from this?
So what you really need to do to protect yourself is to contact your mobile provider and see if they can put additional security on your account to prevent this from happening. Or you can move from using text messages to using an authenticator app or a security key.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.