5 Bulletproof Ways to Prevent Sim Swap Attack
A SIM swap attack can also happen if you are not careful. We covered some prevention methods you can use to protect yourself from SIM swap attacks.
A SIM swap attack, usually in cryptocurrency, is an identity theft in which an attacker tricks a mobile carrier into transferring a victim's phone number to a new SIM card in the attacker's possession.
Once the attacker controls the victim's phone number, they can use it to reset the victim's passwords to various online accounts, including cryptocurrency exchanges and wallets.
SIM swap attacks are becoming increasingly common as cryptocurrency becomes more popular. Unfortunately, even with 2FA, you are still not safe.
SIM Swap Backstory
In 2018, cryptocurrency investor Michael Terpin was the victim of a $23.8 million SIM swap attack. In 2019, British hacker Joseph O'Connor was sentenced to five years for stealing $794,000 in cryptocurrency through a SIM swap attack.
Here's a more recent SIM Swap Attack, a loss of up to $385,000 covered by CoinDesk, whereby the victims are Friend.Tech Users:
It's getting crazy out there, and you might wonder how to protect yourself from a SIM swap attack.
Sure, enabling two-factor authentication (2FA) on your online accounts, including cryptocurrency exchanges and wallets, is still essential. But you still need more than these to prevent you from SIM Swap attacks.
The Top 5 Ways to Prevent Sim Swap Attacks
Important Note: I have left my phone numbers and email addresses all over the internet to PROVE that my Bulletproof SIM Swap Attack Prevention Works 100% of the time. On average, I receive up to 10 SMS and emails asking me to do something with my wallet or phone numbers—but it doesn't work on me regardless of how urgent it sounds.
If you need additional advice, feel free to reach out to me via Solid Metric's email address.
In this article, we will tell five bulletproof ways to prevent SIM Swap attacks from happening to yourself:
#1: Don't Let Anyone Touch Your Phone
Never let anyone outside of your family touch your phone. Not at all.
Your phone is your most personal device, and it contains a lot of sensitive information, including your phone number, two-factor authentication (2FA) codes, and even access to your bank accounts and cryptocurrency wallets.
That's why never letting anyone touch your phone is essential, especially if you don't know them well.
If you need to give your phone to someone for any reason, supervise them the entire time they have it.
And if you're ever worried that someone may have access to your phone without your permission, be sure to change all your passwords and enable 2FA on all your accounts.
This is not an advice to change your worldview into a much more cynical one. But, sometimes, you have to assume everyone will screw you up when handling your phone.
Always enable a password to access your phone because an unlocked phone is a home without a door. (Yes, door)
#2: Ignore Suspicious Emails
Phishing emails are among the most common ways attackers try to steal your personal information.
These emails are designed to look like they're from a legitimate company, such as your bank or mobile carrier.
But if you click on a link in a phishing email or enter your personal information into a phishing website, you could give your information to attackers.
If you receive an email from a company that could be a phishing email, do not click on any links in the email or enter any personal information. Instead, go to the company's website directly and contact them to verify the email's authenticity.
Remember, it doesn't matter who is sending you emails requesting you to click on links to 'check' or 'claim' something. Never open them—especially Metamask emails.
As quoted from Metamask:
How to recognize legitimate MetaMask emails:
There are only two types of emails MetaMask could ever send you:
- Correspondence about a Support ticket you opened from email@example.com if it's your first time, or firstname.lastname@example.org (for issues with MetaMask Extension or Mobile) and email@example.com (for problems with MetaMask Portfolio) if otherwise.
- Notifications from the Community page via firstname.lastname@example.org.
100% of the time, you shouldn't have anything or conversation opened with Metamask, even though officially.
Because one of these days, you might accidentally click on the wrong Metamask email, believing it was real.
See the image below of my email inboxes, filled with fake Trust Wallet, FTX Support, DocuShare, Atlas, etc.
Everything is fake and meant to scam you off.
#3: Ignore Warming Messages, SMS, or Calls Demanding You to Take Action or Send over the TAC Code
SIM swap attackers often use social engineering tactics to trick their victims into giving them their phone number or TAC code.
For example, they may text you claiming a problem with your account and that you need to call a specific number to fix it. Or they may contact you and claim to be from your mobile carrier and that they need to verify your identity.
No legitimate platform will ever send emails like this without a proper announcement in multiple channels—primarily through their app or homepage.
Never tell anyone your TAC code even though it's a scam message.
This includes phone calls whereby a representative may ask you for a TAC code verification during the call.
If you receive any communication from someone claiming to be from your mobile carrier and asking for your personal information or TAC code, do not give it to them. Instead, disconnect the phone or delete the message and contact your mobile carrier directly.
#4: Never Get Drunk Outside Your Home
Never get too tipsy or drunk without trusted companions around you or in places that you are not familiar with.
When drunk, you're more likely to make mistakes and give out sensitive information to people you don't know. That's why it's essential to never get drunk outside your home.
If you're drinking, do it in a safe environment with people you trust.
And if you need to leave your home while you're drunk, don't, as you are now risking your phone and yourself.
People do the stupidest things when intoxicated, and you wonder why most spies operate in bars and clubs.
#5: Enable PIN For Activating SIM Card—Keep your PUK Code Home
Most mobile carriers allow you to set a PIN code for activating a SIM card. This PIN code will be required to use your SIM card after you restart your phone.
Contact your mobile carrier to enable a PIN code for activating your SIM card.
Keeping your PUK code safe ensures you won't mess up with your PIN. Your PUK code is an eight-digit code that can unlock your SIM card if you forget your PIN code.
If you lose your PUK code, you must contact your mobile carrier to get a new one—it usually requires a physical visit to the mobile carrier provider center.
By following these five tips, you will guarantee to never suffer from a SIM swap.