Expert Explains How To Prevent Cell Phone SIM Card Swapping
HTML-код
- Опубликовано: 28 дек 2023
- Have you heard of SIM cloning or SIM swapping? We're talking about the sim card inside your cell phone and how scammers can take advantage of it. Jonathan Kimmitt with Alias CyberSecurity explained more.
There should be a class action lawsuit against the cell phone carriers who don’t verify ID before moving your phone number to a different device.
We do not need to feed yet another lawyer 40% of the total sum!!!
@@oak3076 I was thinking punitively.
Sometimes this whole thing could be becoming from people working at the carrier company itself, which is really scary
No. There are around 300+ million cell users in the US. The total number of sim swapping incidents since they've been tracking it is like 2000.
By the time the sim swap happens the hackers already had hacked their email accounts and gathered a lot of data on them and some of it from social media
The carriers do verify ID first, but the thieves have all they need to pose as you, such as using their phone to get past the "double-identification" process. This interviewee failed to emphasis how easily and quickly your bank account can be drained to zero.
this was pretty ineffectual information about preventing sim-jacking
The mobile companies should verify with original owners before issuing new sim
Agree tho what if it’s inside job
Maybe get a physical security key
The up side is they would get all of my spam calls . LoL 😂
Venmo is an app that asks for a driver's license to reactivate an account. I remember when they give out $10 to reaccess your account
With ID NUMBERS SOCIAL SECURITY NUMBERS
This is an issue with the phone carrier, they're responsible for keeping your data private. They need to ask for a photo ID before any transactions occur. Phone carriers should be held accountable and help the victims of these crimes.
So the carrier should be held responsible for any loss of money
@4:14 - you can make sure that you're not using text messaging as your multifactor.
Good luck with that. Most financial institutions force us to give them our phone number or else you can't have an online account. They don't offer other options.
I am Looking for a bank with multifactor identification. Also put a note on my current account which forbids domestic or wire transfers unless I physically go to the bank with my ID.
Yes they do. They offer to add specific secret questions like “When is my father’s birthday?”, “What is the name of my first pet?”, etc.
Attackers cannot know answers to the questions; but to ensure your safety always flush the navigation history and “cookies” from your gadget before and after going to online banking: Ctrl+Shift+Del=>All time=>Clear data.
The expert should have mentioned setting a PIN for your SIM card. It’s not foolproof, but every little bit of defense helps.
Pin for SIM is a good idea, but it doesn't do anything to prevent SIM swapping because SIM swapping has to do with deceiving the phone company -- nothing to do with having physical access to a SIM card.
@@plowe6751 you are incorrect. You set up the pin with the carrier, it is not something on your phone. And it should be six digits not four. I set mine up with my carrier in the store when I bought a new phone. The pin does not even go on the phone
@@kpv123 The PIN that you choose is not the same PIN you use to port your cell number out to another carrier. The PIN used to port your cell number out to another carrier is generated at the time of request to port out and is only good for a limited time for security reasons. There are different PINS for different reasons. The PIN you choose at the time of buying a new phone is basically a "password to your account" letting your carrier know you are who you say you are. To make matters more confusing, your physical SIM card has a PIN too that you can set if you want to. So far in my comment, I have spoken of 3 different PINs. Confusing, isn't it.
Lost my pin once, called carrier, all that was required was a new sim card with the long digits on the back of it to port. Sure they verify you DOB or whatever, but a sim pin doesn't prevent a port is my point.
THIS IS ALSO A PERSONAL SAFETY ISSUE. THANK YOU
3:30 Don't allow Google or your phone to store your login IDs or passwords.
I’m now listening to everything about this.. so it’s starts with the phone service by not getting identification.
No. It starts with victims being hacked in their other accounts like email because of reused or poor passwords. It starts with victims posting personal information on social media that hackers use to help pretend they are them.
jvanek8512 is correct. It starts with an ID theft. Remember scammers need your info to convince your cellular provider they are you. The more the know about you, the better their chance succeeding in the attack.
The hackers are using the same people we go to to fix the problems with our phones to get our new info.
They also get info from people who reuse passwords or have simple passwords or put all their life info on social media.
When punishments are lights, scammers flourish. They say that in some asian countries nobody would try to touch forgotten things because it could be accepted as stealing, and punishment for that would be an amputation of one's arm.
The expert didn't mention to call your cellular provider and ask for enhanced security. Require a PIN known only to you for any account changes, including a port pin. While there's no guarantee nothing will happen, as employees at the cellular company could taken by a scammer, every little bit helps. Also, the expert said SIM stands for subject identity module. It's actually subscriber identity module. Anyway, stealing one's phone number has to deal with fooling someone that they are you, and you need your phone number moved (you lost your phone, and so on). The SIM or eSIM is just the underlying technology.
Amazing - the title is about how to prevent sim swapping. And the conclusion is that it cannot be prevented and therefore you take other measures to protect your accounts - such as multi-factor authentication - when the only multi-factor authentication that 99.99 percent of the banks provide is via your phone number (sim). Great click bait title!
I went through all of my accounts recently to set the best available security. I found that I could use a FIDO2 security key for some accounts, authentication apps for some accounts, email authentication for some accounts, SMS text message authentication for some accounts, and no multi factor authentication at all for some accounts. Don't use your phone for banking and investing.
At least it helps to be aware of it. E.g., I will never use any website (TikTok, e.g.) that requires me to give them my phone number.
Also, banking is the biggest but not the only risk. If a crook hacks your social media or secondary account, they can use that info to impersonate you. E.g, I called up an old school friend's mother from his yearbook home number "Hi! I'm a friend of Johnny, I was on the tennis team with him at Rutgers. I'm trying to get in touch with him." "Oh isn't that nice. Here, let me get you Johnny's new number."
Keep your phone locked! Never do banking with your phone.
Yeah right. Why use a mobile afterall
Absolutely! I don’t do anything but text, take photos and ring people with my phone. I would NEVER have my bank info let alone its app on my phone. We had our daughters take their bank off their phones years ago. One didn’t and she had Venmo as well. She was hacked. Got her money back but only because it was connected to her debit card.
I use my phone for everything including banking and credit cards. I have a tablet that I only use for RUclips, Rumble, and Gettr. I have a laptop that I don’t use for anything, it just sits in a drawer. Some people say I should have 2 phones, one for everything and a cheap one to take if I go somewhere. What’s your opinion.
Agree. Or if you do use apps, never let your phone store your password, and always retype your password into it and keep the password on a physical notebook never on your phone.
@@Tad-zh4wr Agree. You can now use biometrics (facial recognition) to log in.
Even more important, DOWNLOAD the Latest Apple 17.3 upgrade for their new protection system. You have to activate it or it will not do you any good. This upgrade was NOT available a month ago!
Sanjosemike (no longer in CA)
I’ve watched several videos on this subject. Still don’t know how to prevent someone from stealing my SIM card. Should I lock my phone in a drawer? WTF?!?!
Exactly, I love how the click bait title does nothing or isn't about preventing at all, disappointing video.
This is why you don't use your phone number for any type authentication. Everything goes to my email, which needs a password to access. It really isn't difficult people. Stop using your phone for everything.
Actually you should set up a PIN number with the carrier itself. A person requesting any changes to a phone number would need to provide the carrier with the PIN number that you created with the carrier. If they can not provide the PIN number, the carrier should not make any changes to the account.
I did not link any bank accounts or credit cards or anything with 2 factor authentication to my SIM card/phone because of things like this. I’m old school and do everything over the counter at the bank. So if they get my sim they get nothing.
If your providers still use simple 2-factor authentication (e.g. SMS, last 4 digits of payment, mother's maiden name...) to reset passwords, please file a complaint!!!
Banks and cell providers should use proper multi-factor authentication like authenticator app, security key, and unique backup codes!
Do you know how much overhead that would require? Old people are not going to want this change either. so, IMO this will not be required for some time. I do totally agree with your idea though.
@@gerrybuffett770 should be recommended as an option.
For the bank login, I think the website will ask for username and password and then the bank website will send the security code to your phone so you can use it to enter the security code on bank website so if they steal my SIM card phone number, they still need username and password to login. If you choose forgot password option, the website will ask for your username then bank sends the temporary password to your email
Some banks sell a special physical key to use to log in. I won't tell you which, since I don't disclose private data online.
You should NEVER have your username on your phone.
But you have to order it. They will mail it to you.
Sanjosemike (no longer in CA)
The phone carrier should be responsible for something like this. If they allow somebody to call up and just say I need a SIM card and send it to my address here and then they do so when it's not the person who owns the cell phone, then they should be sued. And I bet you any amount of money that people are going to get tired of it and they're going to start suing these cell phone companies. And they should. Because this is not right that the cell phone carriers allow someone to get a hold of their SIM card when they still have their phone and their SIM card intact. If these politicians were doing their job they would enact laws that protect consumers better than they do. I'm disgusted with our politicians overall across the world.
The carriers are 1000% RESPONSIBLE for this. NOT THE BANKS. I. Swear I would sue AT&T, T-Mobile et all out of existence!!!!!!
the bank is partially responsible for it too. They force customers to use phone number as the second factor authentication. They don't offer other options (eg: Authenticator apps).
@@shaggydawg5419 true and you have a good point. But the whole ball doesn’t even get rolling if the carriers were more stringent.
this vid did Not mention to Have A PIN number Required by the carrier in order to access ANY changes to your phone account.... I am asking my carrier about this security process....
still doesnt stop the inside job....
I use this method with AT&T. The phone rep can’t access my account without entering my PIN number.
Guy was wrong from the get-go. SIM is an acronym for _subscriber identity module_ not _subject identity module._ Also, if you want to transfer your number to a new phone, simply put your old SIM card in your new phone. Other advice was sound though.
Most new phones have an embedded SIM card that cannot be transferred to a new phone.
The crook would tell the carrier they lost their phone or the old sim is not compatible.
@@retiredinbali9565 so what happens when you lose this type of phone and want to keep its same phone number ?? how does this work ??
It can all come down to simple trickery .
I don’t use text messaging as authentication method. I requested my mobile carrier to ask for 2 information (a security question and a PIN) before discussing anything about my account.
, this will be a problem if the Sim swapper is coming from the carrier itself like an inside job.
I have no passwords anywhere on my cell phone. I also don't have any banking features or tap payment features on my phone. I also shut down any Wi-Fi features on my phone.
This happened to my Cable Modem. I could NOT get online, yet the cable company said I used too much data and my modem was online and I could clearly see it was not online.The technician came out and talked to the rep and unplugged everything the rep said it is online, NO IT IS NOT. What a mess this was. Move the Settings to a folder or a few pages back in other apps to make it hard to find. Apparently there are now ways to hide the Settings.
Moving the settings app so it’s harder to find on your phone will not improve security.
Explained just about everything except what was in the title: "How To Prevent Cell Phone SIM Card Swapping"
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
Why do you think eSIMs are more secure? I’m not a secure expert, but I’ve used both kinds, and in my experience I don’t think that eSIMs are more secure or more immune to this scam compared to physical SIM cards. In fact they may be worse since the thief doesn’t even need to go anywhere to get one, or wait for it to be shipped to them. Once they convince the phone company that your number is theirs, they can download and install the eSIM in minutes no matter where they are.
How does an eSim prevent a crook from calling up and saying they need to switch your number to a new phone?
@jashannon false. Sim swap happened to me 2 days ago with a eSIM. The change was done by a store.
That is absurd not to give out your phone number.
Not the guy but for the phone companies.
That's one of the purposes of having a phone is to give out your number so people can contact you.
Phone companies need to act quick and stay ahead of these scammers to keep customers safe.
If you do need to keep your passwords on your phone put them in a encrypted folder (In Fact encrypt your phone)
He forgot one thing. You can put a pin in your SIM card. This will prevent the thief to get your number working. You can put screen time in your IPhone for every app you’re using, specifically banking.
Always have a personal pin or verbal password for dealing with accounts over the phone.
There are times when SIM swapping is needed, such as if you drop your phone in the lake, or you lose possession of your phone. The scary part is: who _doesn't_ store their email password on their phone? Or use text messages for authentication messages? And if you get a new phone, passwords may get carried over automatically? That's a back door into your accounts.
Using txt messages as an authentication method is so dumb.
Just do not respond to emails or phone calls. Call them back directly. There should be more security to verify it's you too.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
Ok I Am Going To Report All Of This Indignancy Lacking Fairness
!!!
And he’s an expert 😮
My cell phone has no Internet, and I don't do banking on my iPad. So a scammer will be highly disappointed if they get a hold of my devices.
TRUE AND CAN BE DONE TO EVERY CUSTOMER IF NOT STOPPED ...
CAN BE DONE !!! EASILY AND THE SERVICE HELPS THEM , NOT ALL SERVICES BUT ??? WHO KNOWS ???
Don't use a "smartphone".
You're welcome.
banks don't let you bypass the texting method of multi factor ID. Bio data is still a file that gets compromised - it's a saved file that gets matched in authentication - so it can be stolen as well. Photos can be used for face verification - it's not hard. with the number of 'new' cellphones that were actually 'returned' phones being sold as new BY the wireless carriers themselves - would certain exploit the ID of customers. Removable sim cards are being discontinued in the US - so you can't just switch them out to overcome this issue yourself/autonomously.
The Indian government has done something about this issue. It isn't perfect but it's at least something and I don't understand why the US cannot do the same thing.
In India, no matter who the carrier is, if you swap your SIM (even legitimately), SMS text messages will not work for 24 hours on the new SIM. That's by law. This 24 hour period might give enough time for the real owner of the number to figure out that something is wrong because their phone stopped working and do something about it. Anybody who steals your number with a new SIM will not be able to receive OTPs etc for 24 hours.
Can we not have our bank app on our phone? Can they still get to our bank acct if I delete my bank app from my phone?
Most are eSIM now.
Ive found the perfect solution. Leave the damn phone at home. I have found no need at all to bring my phone anywhere.
Request from your phone carrier for in person identification and special pin before getting new Sim card
Just DO NOT use technology.. period.
Exactly! I have none of my personal accounts on my phone and I still go to the bank to deposit checks whenever I get a check, which is rarely. And stay off social media. Scammers target cell phone because everyone uses them.
I can’t find any phone booths what happens to them .
Moreover, I should have added this: that cell phones as convenient as they are happen to be the most used target of the scammers. I had my accounts on my cell phone and my credit card was stolen four times by the scammers. The bank would only change four numbers in my account number. After the fourth time I closed the account and took ALL my accounts off of my cell. None of this kind of thing was a huge problem before the advant of cell phones, social media and the tell-all your business in public became popular.
Never use the phone for banking, as it defeats the 2 factor authorization
So if you use your phone for banking access like many people do, what?
Why is no one stating the obvious?? Don't give out your phone number. They have to have your number to swap it.
They layer on the bottom then need us to got new phones with. No physical card
Sounds to me that the PHONE PROVIDERS NEED TO STEP IT UP ON WHO they give information to. Starts there.
This stuff is beyond creepy thanks 4 the heads up on this malicious shit.
Sim PIN number?
This was BS. You can't prevent sim swapping.
I have a question: I keep all my passwords in Notes and lock it with Face ID. Is it safe if SIM card were swapped?
Specialist (Guest) doesn't even know what SIM stands for 0:40 its NOT "Subject identity module" it's "subscriber identity module"
this is why I never let my phone or my computer save any passwords
Cell phone companies, should be verifying the identity before doing that
Is it just me, or did they not explain how an attacker does this?
There is also blue bugging.. accessing your phone via blue tooth
range limited but true. I would opt more for Malware on phone as the weakest link.
There is a lot of flaws in what this expert is saying. It is not possible for SIM swapping to occur successfully without the service provider's complicity. Hackers requesting a sim swap should at least be made to visit the service provider's offices, to verify himself/herself before the swap is done. Why do such a sensitive act over the phone? If this is not possible, then issue a new sim with a different number to the person.
nice isheep thumbnail
No mention of locking down your sim card with a pin? Also, it's really not feasible to NOT store passwords on your phone AND maintain a unique secure password for everything you do on a phone unless you use a password manager of some sort.
But how the hacker would know the username, password of my bank account? even if I save it on my mobile, it is saved on mobile hard drive and will not automatically transferred to hacker.
password easy - reset password ;) act usually a email login. (Insider / malware?)
The person who works for the "cell phone service" is MOST LIKELY--NOT TRICKED! They ARE usually thee INSIDER working the scammer or GROUP of scammers!
'' Seems to me.....seems to me '....(George Carlin quote) that people ; DON'T understand / realize ....that cell phone, is just an electronic instrument . THE ' phone ' .....IS THAT S.I.M. CARD...
Verizon Paris Texas done that to me I had a G4 card to put in the G5 card and get my G4 SIM card Verizon did my other phone that way that's why I got a new phone
Which banks have Multifactor Identification? I will move my money there.
very few.
Then the phone company shouldn’t just give anyone your SIM card .Those phone company should have more information before they give your SIM card to any one
Don't Put Bank Information In Phone. Don't Put Family Names Addresses in Phone. Don't Put Pass Words .Codes.
So don’t use your phone?
i hate multifactor. my phone isn't getting a code for it.
Sim swap pin
Don't keep your passwords on your phone.
So he said nothing
And to think facebook wants to tie our phones to your account. They used to didn't do that and all you needed was an email. I left them and instagram in 2022. Had too much censorship for me to continue there and when I got locked out was the last straw.
The phone carrier should make you come in for a change like that and you would need identification to proceed.
Don't give your phone number to strangers,great tip.
WHO THINKS OF THIS SHIT!!!??..... I AM SIMPLY TOO STUPID AND LAZY TO BE A CRIMINAL. UNBELIEVABLE.
This must only work on people who never use their cell phones. The second your carrier switches your SIM card, your phone won't work anymore. It'll actually have a pop-up message that says no SIM or SIM error.
A crook could use MFA in the middle of the night to get into your bank account. There is a small window of opportunity for the crook.
3:50
Screw selling company.😂😂🎉🎉🎉😢😢😢😮😮😅😅😊😊😂😂❤😂😂😂
Don't Do Anything But Talk
They solve it in Saudia Arabia since long time.
@@nolamar1 First of all, to transfer your SIM card to anyone you need to visit the service provider and bring the person you want to transfer the SIM card to.
Then you must show both of your ID cards for identification. Then you consent and put your fingerprint to approve in the fingerprint scanner. That is all. The service will suspended for 24 hours. And reload new information to the system. And you are out and safe. All that probably takes a few minutes. That's all my dear friend. 😁
Hey dudes your busted. You know who you are.
This is like from 1999…what phones use physical sim cards nowadays….no new phones….This is a hood problem with prepaid phones maybe.
I dare you touch it