Perhaps you have heard of a recent scam where farmers in Saskatchewan had money stolen from their bank accounts using cellphone fraud, as reported in this article: https://www.cbc.ca/news/canada/saskatoon/family-farm-port-out-scam-1.5443580
The thieves used SIM Port hacking and emptied bank accounts, stealing hundreds of thousands of dollars! Now, this same scam has been used in the Battlefords, Broadview and Moose Jaw areas.
You may wonder how this happens. What is Cellphone SIM Port hacking, why is it dangerous, and how do I protect myself from being a victim?
First off, while the name sounds super technical and like something that “will never happen to me”, it is actually a low-tech social engineering scam. You may hear it called numerous things: SIM Port hacking, SIM swap hacking, SIM Porting, SIM Port-Out, SIM Hijacking, etc. Basically, they all mean the same thing. A thief/hacker will gather personal information about you, including things like your cellphone number, what business you own or work for, what bank you use, etc. From there, they will pretend to be you and open a new account with a new cellphone provider, then have your cellphone number reprogrammed to their phone on the new provider. Often, this is done over the telephone. For example, if your cellphone account is with SaskTel, someone may call Telus and have your cellphone number switched over to a new account, which moves your number onto the SIM card in their phone. Your phone will suddenly stop working, as the thief now has your phone number and access to your cellphone calls and texts.
Why is this dangerous? It isn’t just about missed phone calls from your mom. Think: How much confidential information gets sent to you by phone call and text message? Would it be a problem if someone else was receiving them and impersonating you in the process?
Likely you have sensitive accounts, such as your bank accounts or file-sharing accounts, set up so they require you to use multi-factor authentication at log-in. Often one way you get the authentication codes is by text message. This is a much more secure log-in method than in the past where a thief only needed to capture your internet username and password to gain access. But now with Cellphone SIM Port Hacking, digital thieves have found a way to intercept multi-factor authentication texts or verification phone calls. They may not have your password, but they can ask the bank website to reset the password and intercept any texts or phone calls that are used to “securely” verify the legitimacy of those change requests. Once the account password is updated, they access your bank account!
How can I protect myself? Here are some suggestions:
- Educate yourself and your employees on what phishing emails look like and how to avoid them. Often, this is where thieves gather important information from you, such as by asking you to log in to a fake bank website.
- Reduce the personal details you share on social media. Things such as your birthdate, when you will be out of the country and other personal details can be and are used against you. Consider sharing far fewer personal details, or none at all.
- Ask your cellphone provider about additional security measures that they can enable to protect against compromises like this. Typically, this will include having a “port validation” process such as phoning you back on your current number before they approve any transfers. For business accounts, this may also involve having a separate person in the company be responsible for approvals for all employees.
- Consider using third-party multi-factor authentication apps. They are more secure than text message authentication. Free authentication apps include Microsoft Authenticator and Google Authenticator.
To learn more about how you can protect yourself and your business from digital threats such as Cellphone SIM Port Hacking, please contact us.
As always, wishing you a secure future!
Brad Kowerchuk, CEO