Here at OT Group the security of our clients comes first. That’s why when we hear of a new scam affecting our customers, we believe it’s particularly important to raise awareness around the issue.
One security issue we’ve seen impacting our clients frequently over the past couple of years is the SIM swap attack.
We use cell phones to organize most aspects of our lives, and as a small business owner, you probably do the same for your company. You likely use your cell phone to check emails, pay your bills, manage your company’s bank accounts, post to social media and much more.
Losing your cell phone to a scammer is not only inconvenient, but it can also have seriously damaging and expensive consequences for your business. That’s why it’s important to protect your business from SIM swap attacks, and build a robust cybersecurity strategy.
What is a SIM swapping?
Imagine you are sitting at work one day and your cell phone completely stops working. You have no data, you can’t send text messages and you are unable to make phone calls to any of your contacts. You then get a notification from your provider that your SIM card has been activated on a new device.
Confused? That’s because you’ve likely become the victim of a SIM swap attack.
A SIM swap attack, also known as a “port out scam”, is a form of identity fraud where a scammer finds out your phone number and calls your cell phone service provider to activate your number on a new device. The scammer will call your provider and convince them that they are you, requesting them to port your phone number to a new device in their possession because the current phone has been “lost or stolen”.
What is a SIM swap attack hacker able to do?
Since your number is probably connected to vital information through two-factor authentication, such as banking passwords, PayPal passwords, Amazon, social media and a long list of other accounts, the scammer will begin to reset your passwords and take control of those accounts.
The scammer is now able to easily log into your company’s bank account and steal money, or lock you out of vital company accounts that are crucial for the day-to-day operations of your business.
The main issue is that, once the swap has been done, it's very difficult to reverse. Your phone will no longer work, so you'll likely have to go to your carrier in person in order to prove that the SIM swap was incorrect and that you are indeed the owner of the account.
Until you are able to of this, the hacker will be able to intercept your phone calls and messages, including authentication codes for two-factor authentications and text-based password reset options. This will allow them to access your online accounts, and even blackmail you with the information they have found.
How can I protect my business from a SIM swap attack?
There are a number of methods you can use to minimize the risk of SIM card swaps and protect your business from the damaging consequences of identity fraud. We have listed just a few key tips here:
Call your provider and set up a port block
Many mobile providers are offering free services that can block identity thieves from porting out your cell phone number and stealing important business accounts. The most common of these services is the addition of an account PIN or password that is needed to make any changes to your account.
Do not use SMS for two-factor authentication
Two-factor authentication may seem like a further layer of protection for your company’s important accounts, but it actually makes them more vulnerable in the event of SIM swap identity fraud. If you aren’t confident in the security measures you have in place to protect your phone number, then don’t use two-factor authentication on your company’s accounts.
Act immediately if your phone stops working
In the event that your phone does stop working, it's important that you act quickly to resolve the issue. You should call your phone service provider immediately on a different device, and get the to lock your accounts down right away. This will limit how much information the hacker is able to access.
Use a password manager
Sim swap attacks help hackers bypass two-factor authentication, but they still need your account password. Using a password manager helps protect your accounts because it makes it much more simple to use unique, long and secure password for each account by creating them and storing them for you in a secure location. This makes it both more difficult for hackers to access your account, and enables you to avoid using the same password for all accounts (which would give a hacker access to everything).
Do not reply to calls, emails or SMS messages that request personal information
Phone calls, text messages and emails that request personal information are almost always attempting to scam the recipient. Any legitimate companies that want to update your details will request this information through letters to your postal address or official websites and applications.
Are you looking for more information that will protect your business from SIM card scams and other security threats? Contact the OT Group team of IT experts today. We would be more than happy to answer any questions or resolve any concerns that your Ontario-based business has.
.png)
