Recently, law enforcement officials in both Europe and the United States have arrested a series of individuals in relation to SIM-swapping scams.
In a SIM swap scam, a conniving hacker obtains your phone number, and then calls your wireless carrier –pretending to be you- claiming to have lost the phone’s SIM card. “Can you please redirect my phone number to another SIM card?” the hacker might beseech. The customer service representative then compliantly redirects the phone number to a hacker’s SIM card, entirely unaware of the scam. Princeton University suggests that mobile phone carriers take action in order to secure the personal information that belongs to mobile customers.
Major corporations are facing lawsuits over sim-card scam related privacy violations and resulting financial damages.
These days, phone numbers are connected to Amazon, Netflix, Hulu, Instagram, Ebay, Paypal and bank accounts, and can be leveraged to reset corresponding passwords, providing hackers with unlimited access to your platforms (and potentially, your wallet).
Krebs on Security perfectly articulates the question forming in the back of my mind, “How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience?”
The answer remain elusive, but one thing is clear: phone numbers have become identity documents, and like government issued identity verification documents –think passport and social security card- organizations must strive to protect them.
For tips on what you can do to secure your own phone number, check out this article from Motherboard.