Most assume eSIMs are more secure than physical SIMs because they’re the latest technology. That is why cybercriminals have created a new way to scam these people: SIM swapping.
This method takes advantage of two-factor authentication by tricking you into signing up for a new eSIM. Then, the scammers are free to use your new contact information for phishing and other nefarious purposes.
READ: How to fix “No SIM” error for smartphones
The first step to avoiding cybercrimes is understanding. Consequently, this article will elaborate on SIM swapping and share ways to avoid this scheme.
How does SIM swapping work?
A scammer starts SIM swapping by ordering a new SIM or eSIM card in the victim’s name and then activating it.
However, that requires two-factor authentication, which typically involves entering a code from the user’s phone or email to confirm.
That is why they mask the code as a delivery notification so that the victim activates the fake account. For example, the scammer could make the activation code part of a fake Shopee notification.
The victim will send the code to a number that will confirm the fake account activation instead of the official Shopee app. Afterward, the scammer is free to use the SIM card for heinous acts like:
- Accessing your bank account
- Convincing your telecom provider to switch your number to a new SIM card
- Taking control of your other online accounts, such as social media
SIM swapping makes these possible because the hacker can receive your 2FA alerts with their new device. Cybersecurity firm Norton says you might be a victim of this cybercrime if you fit these criteria:
- You can’t make calls or send texts.
- You receive notifications from activities in distant places or unknown devices.
- You’re unable to open online accounts, like your bank and shopping apps.
- You find transactions that you did not make.
How do you avoid SIM swapping?
Tech Advisor and Norton recommend the following methods to defend yourself against this online crime:
- Do not give personal data like your name and phone number to unknown websites, emails, and people. Such information allows cybercriminals to purchase SIM cards in your name.
- Do not click links or download files from unknown sources.
- Have separate devices for using online apps and receiving 2FA notifications.
- Examine the sender whenever you receive a confirmation code in a text message.
- Use strong passwords and unique security questions for your online devices.
- Use Google Authenticator for 2FA, so that it requires your physical device instead of your phone number.