Ten Ways To Take Notes Apple Products

SIM card* swapping/cloning and theft of your money

FBI crime statistics show that this type of tech crime is on the increase with $12M reported lost 2018-2020, while the problem mushroomed to $68M in 2021.

All someone needs is your phone number and some private information like birthday, mother’s maiden name (simple security information you gave to your carrier) to pose as you and get the carrier to swap your SIM* card for the one in their phone. Personal information is often gathered through “phishing” attacks, data brokers or on the dark web. This will let all your calls and texts go to someone else’s phone. Passwords, multi-factor tools are all impacted.This will leave your phone useless until you get a new SIM. If a thief finds your bank information on your phone, they may be able to access your accounts. The log-on information that you set up will go to their phone as they attempt to log on as you using two-factor identification**. 

It’s simple for knowledgable crooks as it can be done remotely (even from another country). It’s not easy to quickly detect and it’s shockingly easy to do.  Princeton University did a test a few years ago and found that out of 50 attempts to swap a SIM, 39 were successful due to simple challenges that could be answered. Customer service reps with carriers are not generally highly trained. Even Jack Dorsey, former CEO of Twitter, was reported to have been attacked. The scammer just has to pretend it’s you and convince the carrier to swap the SIM because the old phone was lost or broken. Then they go into your bank account and clicks on Forgot Password and a code is sent to their phone allowing them to change your bank’s log in credentials. 

How to prevent or reduce your vulnerability:

  • Set up a PIN number where you can with financial service companies
  • Request in-person SIM card changes with ID
  • Give out a Google number to anyone other than close contacts
  • Protect your personal and financial information. Password manager apps help.
  • Use multi-factor authentication 
  • Don’t overshare on social media
  • Consider setting accounts to “friends only” to limit who sees your personal information.
  • Don’t use text messages for authentication. In practicality, banks almost always require this.
  • Require code words for certain transactions where you can
  • Be careful of answering texts from people you don’t know. Avoid responding to urgent messages
  • Set a SIM card lock on your smart phone. See the website at the end of the article 
  • Delete old social media accounts you rarely use
  • Some other ways to receive authentication are apps like Google Authenticator and Authy
  • A physical device such as a 2FAkey***. It would have to be stolen along with your phone. **
  • Don’t put log on information in your contact files. Use a password manager
  • Set up alerts with your bank and carrier for changes to your account.
  • Call your carrier and ask what protections they suggest for your account. Some permit a PIN number to be used for SIM changes.
  • Consider changing your answers to common authentication/security questions by writing the answer backwards, using numbers instead of names or fictitious information (place born: north pole) etc. You must keep these responses somewhere secure so you can obtain them when needed. Much of seemingly innocuous information such as where you were born, mother’s maiden name, favorite pet and so on might be floating around in social media. If the answer is not the truth, it’s much harder for the crooks to answer.
  • You might get a notice via email that your SIM card has been change, take immediate action. 
  • You might see unauthorized transactions 
  • Consider using a VPN service when using public wifi which may or may not be secure. They could even be fake from someone else trying to steal your information. 
  • NEVER download a file, link, or software app from someone who just contacted you
  • PROTECT your phone, don’t make it easy for someone to steal it.
  • PROTECT you phone password and make it difficult for someone to see you entering it
  • If your phone suddenly doesn’t work, call your bank(s) and carrier immediately 

People who deal in digital currency are especially vulnerable as it is very difficult to recover losses. 

*a SIM card (full form: Subscriber Identity Module or Subscriber Identification Module) is an integrated circuit (IC) intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices (such as mobile phones and laptops). This lets your carrier know who you are. 

**Two factor identification, 2FA, or sometimes MFA is a second piece of data a company uses to help identify a request. It can also be a biological key such as a face scan or fingerprint. 

***a popular key is the Yubico Security Key C NFC, about $30. https://www.yubico.com/

Change you SIM PIN on you iPhone If you do not know the SIM PIN, you should try the default SIM PIN used by your mobile carrier. If it does not work, you should check your SIM documentation if you still have it, or contact your carrier for support. If you enter the wrong PIN three times, the SIM card is locked, and you can no longer make phone calls or use internet on your iPhone/iPad. Settings>Cellular>SIM PIN

________

While on the subject of phone problems/scams – a Tampa news station report that some people get call from unknown callers. When you answer, they say can you hear me. Most people would say “yes” and therein lies the problem. They could say, “I’m calling for Suzy, do I have the wrong number and you say yes.  The response can be recored and your voice used. Typically this type of scam is made by “robo”callers . The answer can be used to order fomenting you do not want or other nefarious purposes. Be on guard when answering calls from unknown numbers. Maybe let it go to voice mail. Before answering ask some questions  of your own to find out if it is authentic. Avoid saying yes. You can reported this type of call to the Better Business Bureau. 

Helpful sites:

https://consumer.ftc.gov/consumer-alerts/2019/10/sim-swap-scams-how-protect-yourself

File a complaint with the FBI at 800-CALL-FBI and/or www.IC3.gov

https://www.fcc.gov/consumers/guides/cell-phone-fraud