
Topic: Another day to take caution of sim swap attack (Read 329 times)

legendary
Activity: 2604
Merit: 2353
September 24, 2023, 02:59:19 PM
#32
How is a sim swap possible?
All that you need for successful sim swap is one incompetent and not enough educated person working for those telecommunication companies and that's probably what happened here.

Still, it's baffling that people like Bitalik are not taking better care of their social media accounts and still use mobile phone number for 2FA, when they know (or at least they should) what kind of damage hacker can do if he gets control over it.
In some countries you don't even need to mislead a telecommunication company employee with social engineering. Because phone numbers have a "Porting Authorisation Code" allowing them to be bound (ported) to a new SIM card. So if someone knows this code he can steal your phone number, and receive SMS and calls on his phone.
https://en.wikipedia.org/wiki/Porting_Authorisation_Code
sr. member
Activity: 812
Merit: 315
Sim swap attacks are real, I am surprised that someone like him isn't taking this very seriously, he should know better than anyone else, I refused to link my phone number to any crypto or social media account, I believe that those who work in the telecom companies can easily sim swap anyone's numbers.

My advice is people should stop using their phone numbers as the only way to access their social account, bank account and crypto exchange accounts, make sure you set up three ways of receiving verification codes before you can log into your accounts, I used to add phone numbers, but now I don't.

Now I prefer to use a special code that's known to me, a code to my email account, and another code through 2FA authentication, for hackers to get into my account, they will need all these codes at once, it will be extremely hard for them to get all the codes.
legendary
Activity: 1890
Merit: 1537
Just like not your keys not your coins is repeated on the forum, it seems sim swap attack warning/awareness needs to be spread as such.

It is not news again that co-founder of Ethereum Vitalik Buterin had his twitter(X) account hacked. This led to a phishing link being posted and many lost their funds.

Now Vitalik himself has come out to say the attack was through his T-Mobile phone number by sim swap and the hacker got access to his X account through requesting for the authentication through phone number.
Vitalik is one of the most prominent names and personalities in the crypto market, and he is not the only one exposed to a sim swap attack. I can say that many prominent figures like him were exposed to this attack previously, such as Jack Dorsey. The sim swap attack has been common for years. Scammers use it after deceiving the mobile network operators under any pretext to obtain the new SIM cards of prominent and influential people who have accounts containing millions of followers and substantial financial accounts so that they can obtain calls and messages to the victims' SIM cards so that they can hack their accounts.

What I know is that it is an attack targeting specific people and not a random attack. Also, as the OP mentioned, some signs are easy for anyone subjected to this attack to recognize. Still, he must be on the lookout for his phone, which has a SIM card constantly. He must link his accounts instead of two-factor authentication to the SIM number, which must be done through the Google Authenticator application or YubiKey or Google Titan Key.
sr. member
Activity: 728
Merit: 421
I am still wondering this whole scenario of a thing. If a computer guru, the founder of ethereum blockchain could have his phone simcard swap and got his account hacked I was also wondering how the novice that knows nothing about tech could be going through without their knowledge of being hacked.
You don't need to wonder how it happened because sim swap is not new and the hacker had help from someone in the telecommunication company. As a tech expert and with the incessant cases of sim swap on the rise, I expected him to fortify his account with another layer of security. If he had added 2FA to his Twitter account, it would have made it impossible for the hacker to hijack the account and send the phishing link. Sadly, persons who fell for the click bait have to learn the hard way and newbies can also learn from this.


It all points towards my curiosity and making it pertinent that one must be careful and be able to protect their details safely so as to avoid hack or if peradventure any attempt is made, there would be a prompt from the end of the account owner but what baffles me is that the victim is a computer guru himself and a founder of the second largest blockchain itself. He is the last person I would hear about suffering hack from scammers when in reality he himself knows more about the industry and how it works.
sr. member
Activity: 658
Merit: 441
I am still wondering this whole scenario of a thing. If a computer guru, the founder of ethereum blockchain could have his phone simcard swap and got his account hacked I was also wondering how the novice that knows nothing about tech could be going through without their knowledge of being hacked.
You don't need to wonder how it happened because sim swap is not new and the hacker had help from someone in the telecommunication company. As a tech expert and with the incessant cases of sim swap on the rise, I expected him to fortify his account with another layer of security. If he had added 2FA to his Twitter account, it would have made it impossible for the hacker to hijack the account and send the phishing link. Sadly, persons who fell for the click bait have to learn the hard way and newbies can also learn from this.
staff
Activity: 2436
Merit: 2347
The phone has always been a weak point for crypto users, especially when it comes to making any crypto transactions, gaining access to an account or other confirmation methods. I prefer to trust passwords, two-factor authentication and email confirmation for any login attempt with a new device or new IP.

The Quickstart Guide to Protecting Against SIM Swaps
sr. member
Activity: 728
Merit: 421
I am still wondering this whole scenario of a thing. If a computer guru, the founder of ethereum blockchain could have his phone simcard swap and got his account hacked I was also wondering how the novice that knows nothing about tech could be going through without their knowledge of being hacked.

This is the more reasons one needs to act and play safe with their devices and gadgets. Nobody can tell who the target could be. Avoid clicking on links you know nothing about. If you are not expecting a mail from anybody and you receive unsolicited messages do well to press the delete button with immediate effect to be on the safe side.

Lastly, take cognizance of your call log and activities. Never give your phone to strangers for a minute call or whatsoever otherwise you will have yourself to blame when the repercussion comes knocking at the door.
legendary
Activity: 1708
Merit: 1280
Imagine even the top valuable names get attacked their account if these person use the another layer of security to their devices like the 2FA there's a chance might be aware and have this preventive measures well right now there's no really safe in the internet reason why your credentials must be secured.
I guess this could serve as an expensive mistakes to the victim and of course possible ruins or damage Vitalik's name at this point.
sr. member
Activity: 1316
Merit: 422
The victim of this attack is one of the big names who has many followers, someone like Vitalik, who is known as one of the founders of the Ethereum platform, can still be infiltrated by hackers. It's not that he already knew the risk that weak Twitter account security would be very detrimental to other people due to the influence he has, so why did he ignore this risk and not strengthen the security of his Twitter account using 2FA? Attacks via SIM cards are very easy to carry out without other security support such as 2FA. This incident teaches us to be more careful in accessing suspicious or phishing links.
legendary
Activity: 3234
Merit: 5637
How is a sim swap possible?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
~snip~

I also wondered that until I once had to replace my old SIM and I went to the physical office of my operator who only asked for my existing mobile number and nothing more - in one minute I had a new SIM card. I never thought of using a mobile number for 2FA before (and especially after that), and as for how Mr. Vitalik managed to lose his account is something that speaks volumes about how intelligent he is.

A man who has been trying to dethrone Bitcoin for 10 years and who suddenly concluded that POS is better than POW is not even capable of protecting an ordinary account on a social network.
sr. member
Activity: 952
Merit: 275
Pray you don't become a victim to sim swapping attack, even if you act very fast and report the issue it's still not the end, There was a story online about a man in New Jersey who was a victim and reported back to his service provider customer care, they fixed the issue and he believed them, few months later they stole all his crypto assets.

If a culprit is working as the customer service in the sim company then this is possible, this was what everyone starts thinking, sometimes, this evil act can also come from those within your circle, someone very close can install some spying software in your phone without you knowing, this is why I don't give up my phone to any family and relatives, it takes seconds to minutes to install something you don't know on your smartphone and they will keep spying on you.
legendary
Activity: 1722
Merit: 5937
How is a sim swap possible?
All that you need for successful sim swap is one incompetent and not enough educated person working for those telecommunication companies and that's probably what happened here.

Still, it's baffling that people like Bitalik are not taking better care of their social media accounts and still use mobile phone number for 2FA, when they know (or at least they should) what kind of damage hacker can do if he gets control over it.

hero member
Activity: 406
Merit: 443
I cannot believe that someone who cares about privacy still uses a phone number to secure his accounts, not to mention that he is a developer and is supposed to know this information. Securing your account using a phone number leaves you at the mercy of a third party. This third party may freeze your phone number, block it, or even misuse it, waiting for this to happen. Such attacks to update your information about security is a bad thing.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
It’s that disappointing for real with these guys and this one with Vitalik Buterin even given the fact that, he's a programmer and understands the risk that surrounds the cryptospace, what influence he commands and how a single flaw from him could cause a worldwide significant damage like we hear people cry of recent.
They are technical men with deep knowledge about security. They know how to go OPSEC but it is knowledge which is different than practice.

They can have good knowledge and skills to secure their devices and accounts but practically, they can not do enough security wise steps to keep their devices and accounts safely from hacks.

Vitalik is not the first senior developer to have accounts or devices hacked or compromised.

Luke Dashjr, a senior Bitcoin developer got one too.
Bitcoin developer @lukedashjr's wallet was hacked
legendary
Activity: 1554
Merit: 1139
Sim swap attack through T-Mobile is not new. I am disappointed that these kind of people with numerous followers do not protect their social media account. Twitter, now called X has 2FA and Security key hardware which Twitter users can use to protect their account.

Why would people go for text message only which is also by default. Sim authentication is not safe. Use app 2FA or hardware security key for a better security.
It’s that disappointing for real with these guys and this one with Vitalik Buterin even given the fact that, he's a programmer and understands the risk that surrounds the cryptospace, what influence he commands and how a single flaw from him could cause a worldwide significant damage like we hear people cry of recent.

Layers of security are needed when you wield that sort of power over a large mass which most are unknown to you.
Even having these 2FA delivers to you by mail is very difficult. I once did have an authenticator app to provide me with these codes. It worked like tokens, and wiped every 30 seconds or so. That would serve some real purpose but, you’ll be sure to ensure it’s used in a safe device and you properly store your importing code/seed.
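
The authenticator-app codes mentioned in the post above are normally time-based one-time passwords (TOTP, RFC 6238). The sketch below is an added example, not part of any post in this thread; it shows that the code is computed on the device from the stored seed and the clock, so nothing travels over the phone number. The seed used is the published RFC test secret, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid, as in common authenticator apps

def seed_from_base32(text: str) -> bytes:
    """Decode the base32 'import code' an app shows when 2FA is enrolled."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since epoch."""
    return hotp(seed, int(unix_time) // STEP, digits)

def verify(seed: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: accept the current step plus a small clock-drift window."""
    counter = int(unix_time) // STEP
    return any(
        hmac.compare_digest(hotp(seed, counter + d), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )

# Constructed sample: base32 form of the RFC test secret "12345678901234567890".
SAMPLE_SEED = seed_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    code = totp(SAMPLE_SEED, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SAMPLE_SEED, code, 89))
    print("accepted three steps later:", verify(SAMPLE_SEED, code, 149))
```

Whoever holds the seed can produce valid codes, which is why the seed backup has to be stored as carefully as a password.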
sr. member
Activity: 574
Merit: 310
Never trust your phone security. Having a financial accounting record off of your device will help you later. There are all sorts of attacks going on at the moment, you don't even need to be a victim of it before you get prepared or ready. Take all the precautionary measures to stay safe online. Sim swap attack is actually more dangerous. Sometimes it is better to get the paid security measures on your device.
hero member
Activity: 2268
Merit: 669
This wouldn't have happened for those who have more than one verification which is not just sms verification but also 2FA verification. This is not new attack though there are some people who are victims of these attack. Anyway, thanks for sharing this news OP although if we talk about keeping money safe it should be very secure even though it is annoying to access your account where you have to go through more than one verification and it's also the same in an online account as it could be used to fool anyone using your account to get what they want.
hero member
Activity: 3024
Merit: 745
Why would people go for text message only which is also by default. Sim authentication is not safe. Use app 2FA or hardware security key for a better security.
Exactly, this is where most of those hacks through sim swap come from. Their 2FA is through their sim numbers and that's how these hackers gained access to them. Those that do it think that it's easy and safer because the 2FA code is sent over your network provider. But it has been proved so many times that it's not and with sim swap, it can be taken by the hacker. Aside from 2FA through authentication apps, the email AUTH is also another option but this is not safe too especially if you've been using that email and you know that it has the same password of what you're using in many websites.
hero member
Activity: 770
Merit: 538
This was also the same thing Kiakia was talking about in his thread here, and I think that such methods of scam are already popular in some parts of the world, which they are already aware of, and how to handle the situation when their sim stops providing network. Although sometimes your sim can stop providing network due to a damaged sim or bad phone, but it should be given immediate attention to know why one's sim is not providing network so that if it's a case of sim swap, it can be quickly handled. Again, I think people should always take note of every SMS that they receive from their network provider because there is no way your SIM will get swapped without you receiving an SMS asking you to verify that you are the one performing the swap action or take immediate action to cancel the process. Also, if you pay full attention to the SMS you receive and you come across some transactions in which you were not the one that initiated them, just know that your SIM might have been swapped. Lastly, using SMS verification as the only OTP method is not safe.
legendary
Activity: 2576
Merit: 1860
It's a given that everybody shouldn't feel sufficiently safe with just sim or SMS verification or authentication alone, but I think service providers should also be implementing strict measures to prevent sim-swap attacks. Requests for sim change shouldn't be easy. A lot could be compromised simply because of it. This isn't the first time a T-mobile user falls victim to such attack.

If not with an insider, sim swap attacks could also begin by phishing or other ways to obtain personal information. Especially if a sim is already attached to a name, address, and other personal information, it can't easily be stolen. So, it definitely helps if we are also extra careful in giving out our personal details. This includes staying away from centralized platforms which require KYC. If not stolen, personal data could easily be bought or hacked. Or it could leak.