One of the best known scams of this 2022 is the exchange of the SIM card (“SIM-swapping”). By tricking those who work at phone companies, fraudsters make vendors transfer our phone numbers to them to cards controlled by them and there they can empty our Mercado Pago accounts or the online bank. But few know that there is a way to protect yourself from this.
SIM cards are integrated circuits that store the phone number, along with other sensitive data such as international line identity and a unique serial code. They are transferable between devices: just remove the card and place it in another phone the telephone line and personal data are transferred.
Computer security specialists say that cybercriminals use this technique to duplicate the SIM card of their victims’ cell phones. A) Yes, can access all your personal information and, above all, use them in the verification through the mobile that everyone usually asks for banks when operating through the internet.
The problem stems from the few security measures of the telephone companies. From there, cybercriminals are able to circumvent any type of security barrier through a technique called “social engineering”, which consists of deception through persuasion and psychological manipulation, as well as taking advantage of human error. In this case, because telephone companies give out SIM cards to anyone who comes to ask for a new one.
Few know that beyond the phone password, the SIM card can also be protected by a 4 number pin.
Put a PIN on the SIM: the only solution
The SIM contains the phone line. Photo: Shutterstock
A SIM card usually comes with a default PIN, but it is not used for blocking purposes. The SIM card also has an unlock key associated PIN (PUK), which is usually used only when the line is purchased for the first time.
But the SIM card can have a key for each time the phone is turned on. In this way, if a scammer asks for a SIM with our phone and inserts it in his device, he will have to put the key that we have chosen. In this way, you will not be able to log in to access our accounts.
To do this you have to access the security options of the device.
Step by step, in the phone configuration: put a key on the SIM
Once there you have to activate the advanced options, where it will display the SIM lock option. There you can change the pin. It’s as simple as choosing a number that we remember and that’s it.
As a piece of advice, it is very important not to forget this pin, it is a good idea to write it down on a piece of paper and leave it in a safe place at home.
Second factor, the other important measure
Passwords and passwords. Photo: Shutterstock
Another of the essential security measures has to do with having the second authentication factor activated in all our accounts. While the sim swapping “bypass” this security measure, all other scams are thwarted when we have this active.
Double authentication is a security filter to protect accounts from unauthorized access. Also called “2FA”, this allows a system to confirm that a person is the genuine owner of the account being accessed. Validation is through something that, in theory, only the holder knows, has, or is.
This is one maximum computer security: to access we need something we know (a password), something we have (a security token, for example) or something we are (biometric data: fingerprint, face, etc.). Each of these is a different factor. For our account to be safe we need at least two of these three factors.
Two passwords does not imply two factors: the factors are distinguished so that it is difficult for cybercriminals to access the account, since with our password alone they will not be able to enter since they will need validation from our cell phone or our fingerprint.
For this reason, whenever the application allows it, a second factor must be activated through applications such as Google Authenticatorand never choose the SMS option as it is the simplest for cyber criminals when doing sim swapping.
SL
