Online security site Niebezpiecznik describes a case of “stealing” someone’s phone number by getting a duplicate SIM card. The site claims that the entire operation was performed remotely, knowing only the PES number.
What is so-called SIM swapping, or swapping (obtaining) a duplicate SIM card? In short, it’s a form of fraud that allows you to obtain a duplicate of your SIM card and thus take over your phone number (the original SIM card is deactivated). What does this give you? For example, access to all services that require verification by means of, for example, a code sent to a number assigned to online banking.
Case described by Niebezpiecznik.pl concerns T-Mobile operator. The site’s editors claim that by knowing only the Pesel and using a regular starter, they were able to steal the phone number and make a duplicate SIM card. Fully remotely. The situation was supposed to concern pre-paid offer. The whole case was described by the Niebezpiecznik website in an extensive material.
Interia’s editors asked representatives of T-Mobile for comment.
SIM swapping – how to defend yourself?
There are three main ways to thwart SIM swapping attacks.
– Never use data related to you in PIN codes or passwords, such as your own or your family members’ birthdays.
– Don’t share too personal information on social media and verify the categories of people who can see your posts.
– Where possible, use multi-step authentication, especially based on an application installed on the phone (safer option than one-time codes in SMS messages) or a dongle (safer option than the previous two).
What to do if you suspect an attack?
If the phone or SIM card is used for banking services and any of the following events occur: theft, loss of the phone or SIM card, unusual operation of the phone due to its being infected or hacked, receipt of suspicious messages such as “service unavailable” or “SIM card error”, or information about unordered changes to the subscriber’s account with the mobile operator, the customer should immediately contact the Customer Service Department, and its employees will take appropriate action and help to clarify the situation.
It is also imperative that you contact your bank and make sure that no one has made changes to your bank account and that no suspicious bank transactions have been ordered and recommend steps to safeguard your account and the money in it.