If exposed, this small sequence of numbers on the phone SIM can cause your bank account to be drained

With something as simple as a string of numbers on your phone’s SIM card, hackers can quickly drain your bank account.

Cybercriminals don’t even need to steal your phone to gain access to your phone number and personal information. The method they use is “swap SIM cards”.

How does a SIM card work?

Do you remember the last time you bought a new phone? The technician at the store usually helps you transfer the SIM card from your old phone to your new phone.

One thing you may not expect is that this tiny SIM will store all your necessary account information. When an ICCID (SIM number, 20-digit number) falls into the hands of cybercriminals, you’re in trouble.

Each ICCID number is unique and is a unique identifier for a SIM card, similar to an ID card number or a bank account number.

Swap SIM cards

The SIM card swap scam involves a lot of tricks. The hacker will contact your service provider and express a desire to speak to a particularly trusted employee. Next, the hacker will impersonate you to get what they want: Your SIM card data.

If the scam is successful, the data on your SIM card will be transferred to the hacker’s SIM. They don’t even need to remove your SIM card, don’t care about text messages or phone calls from your friends, but aim to receive two-factor authentication (2FA) messages from accounts. Your account contains valuable information.

Most banks require second-factor authentication when you log into your online account. But instead of you entering a one-time password (OTP) received via SMS, it is the hacker who does it.

Attack sequence

In order for hackers to successfully perform SIM card swapping, they must learn as much as possible about you. Hackers do this by retrieving your personal information, so that they can impersonate you without being suspected.

“How did they get my personal information? – You’re probably wondering right now. In fact, hackers can install tracking on your device via email or malicious link. However, that’s not the only way. Sometimes they get information just by making friends online and interacting with you.

Once hackers have enough information about you, they will call your phone provider and impersonate you, asking the provider to transfer your phone number to a new SIM card.

With the success of the above step, the hacker can access your account using the OTP code sent to the stolen phone number and perform two-factor authentication.

What to do to ensure safety?

Here are some of the most effective ways to prevent hackers from swapping SIM cards:

1. Change the 2-factor authentication method

Receiving a two-factor authentication code via text message is convenient, but it can make matters worse once you’re the victim of a SIM card swap.

Instead, you can use authenticator apps to associate the OTP with your phone. Just connect the app to the most important accounts, you will receive your security code through it.

2. Set up a PIN with your mobile service provider

Adding a PIN to your account makes it harder for hackers to gain access. Hackers will have to provide your PIN or secret code when trying to make changes to your account.

3. Separate phone numbers from online accounts

Removing your phone number from your most important online accounts will save you from having to worry about SIM card swapping. You should also remove your phone number from major social networks and online retailers’ websites.

4. Beware of scams

Delete emails that ask for your personal information. Reputable banks and institutions will never request confidential information via email.

These types of emails are all the result of hackers trying to steal your information. Understanding phishing methods will help you secure your data online.