What is SIM Hijacking?SIM Hijacking occurs when a hacker convinced a mobile operator to transfer a specific phone number to another SIM card that the hacker controls. They can do this by providing your personal information such as your full name, address, phone number, address etc.
The hacker can now reset your passwords via your email and get access to your cryptocurrency wallets. You may know that one can easily reset your password by clicking on “Forgot password”. The exchange will then email a link to your registered email account that you have to click on in order to reset your password. It is that simple.
The same goes for a one-time pin (OTP). A system may ask you to provide an OTP that was send to your cellphone number via SMS. If criminals have access to your cellphone number, they can easily access online banking, cryptocurrency exchanges and other services you make use of.
How will I know if my phone number has been ‘hijacked’?There are a few tell-tale signs one can take note of that could be an indication that you are a victim of SIM Hijacking.
The obvious sign would be that some of your coins are missing from your wallet. If you are a cryptocurrency hodler, be sure to keep an eye on your account.
Another sign could be random requests to change passwords. Remember that hackers may not go after your cryptocurrency account first. Perhaps your internet banking. If you notice any suspicious emails or requests to change a password, hackers may be trying to get access to your accounts.
Then there is also “tech support fraud”. This is when hackers pose as virtual currency support. The fake support agent may ask for access to your virtual currency wallet and in so doing, transfer your cryptocurrencies whilst your waiting for “maintenance” to be concluded.
How to protect yourself against SIM HijackingFortunately, there are various ways one can protect yourself against SIM Hijacking.
- Some South African banks give you the option of taking out SIM protection. Contact your bank to find out more.
- Avoid having SMS-based Two-Factor Authentication (2FA). Rather go for Google Authenticator.
- Did you know you can set up an account pin for your SIM with your mobile service provider? You get three chances to provide the right pin before the system blocks you.
- You can also create a secondary email exclusively for 2FA.
- In most cases, hackers will be phoning you to test that your number is live. Make sure you have a spam call blocker like TrueCaller on your phone.
- Keep an eye on your email. If you receive an email stating that a password reset has been requested and it was not you, do not ignore the email. Act quickly.
- One can never go wrong with antivirus software for your devices.
- Have a separate phone that you use only for banking, crypto trading etc.