SMS code for 2-factor authentication is not safe. 2FA from centralized services like Google Authentication is not safe too and they even want to back up codes on their cloud storage.
You can turn on 2FA for your Twitter account and use good 2FA applications like Aegis that is open source.
https://getaegis.app/
Topic: Another day to take caution of sim swap attack - page 2. (Read 329 times)
I once worked for a network operator in my country. At that time, smartphones and social networks didn't exist yet, but SIM swapping or SIM cloning was already a popular method of attack. It was mainly used to make free calls, charged to someone else's account. The scenario often involved individuals who didn't know how to remove their SIM cards from their phones. When they brought their phones in for repairs, they left the SIM card inside, which some bad actors could easily clone onto a new SIM card. I guess today scammers are even more resourceful.
Just like not your keys not your coins is repeated on the forum, it seems sim swap attack warning/awareness needs to be spread as such.
Though this might have been discussed already before now but i think i still see it as being a reminder for those that already knows about the shady acts coming through this whole process while the newbies will also get along with the required standard information needed not to fall a victim, there are many ways scammers are now developing to make sure that they attack people and most of their targets are the begginers, because they know that these set of people aren't familiar with the whole system yet, so they take their advantage.
How is a sim swap possible?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
Here in my country, it was also hard to replace the original SIM owner and swap the SIM without their knowledge. Not until network providers started approving agents to start doing SIM registration and swapping on the street did everything become very possible. The only thing that is needed is for the person who has the authorization to do the SIM swap to be in agreement with you, and everything will be a bit easier. Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
The finger print verification, which was one of the difficult parts, is even bypassed now. What they can just do is ask the agent to check through the SIM they brought and give them details. Those details of the original SIM owner can be used to fabricate documents that will match the owner's own, and any image could also be used in replacement of the person's passport. It's very possible now.
How is a sim swap possible?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
Not many countries or network providers actually do sim swap physically like you have stated. Some network providers would just ask for identifications through call and hackers usually would have gotten such informations from either social media platforms or through phishing sites. Another way is there is always staffs working with this network providers that aid this acts. Probably this is what happened to Vitalik
How is a sim swap possible?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
It is like you are asking that how is bank fraud possible. Or asking that how scammers get people's identity to register on centralized exchanges to scam.Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
In sim swap attack, one or some of the workers from the sim providing company may know about it. Sim swap is not something that is new.
How is a sim swap possible?
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
The only thing that I could think of is that the mobile number or sim he had is not yet ID-verified. That is why the hacker can request to sim carrier to activate a new number and ask the carrier to redirect all calls and texts to a new number without ID verification.
This might be the reason why Binance removed phone number verification on withdrawal.
Here in my country before you request anything from the sim carrier like requesting for sim replacement you need to provide a selfie and submit a few documents for verification. So how does Vitalik Buterin fall to this attack?
The only thing that I could think of is that the mobile number or sim he had is not yet ID-verified. That is why the hacker can request to sim carrier to activate a new number and ask the carrier to redirect all calls and texts to a new number without ID verification.
This might be the reason why Binance removed phone number verification on withdrawal.
Thank you for your important words and raising awareness of the sim swap attack. It's crucial for everyone to be vigilant about their online security. In today's digital age, where our personal and financial information is interconnected, taking proactive steps to protect ourselves from potential threats like sim swap attacks is paramount.
Keeping funds on a platform is never a good idea, which is why the #Not Your, Not Your Coin rhyme is being spread every single day in different forms here in this forum and aside from this place in areas or platforms that encourage self-custodian usage.
But in aspect of social media account the case is different, we can't avoid receiving emails or mobile number authentication authorization request, as they are one of the ways those apps approve signin from a new device, even when we are making use of the email and phone number security, for someone like Vitalik he should be aware that those kind of security alone is not enough for their account as influencers account is on a highest target rate now a days from hackers, most of this social media accounts have a 2factor authentication option enables on the security part of individual account, if this option was enable on his account I believed this could have been a little less possible for the hackers to access the account but not entirely impossible though.
In the aspect of the sim swap, I don't know how it's being done, but however they are doing it, it's very risky, and network providers should make things a little bit difficult for someone who is not a sim original owner to have limited access to sim details and the swap option.
Regarding how to know if your sim has been swapped or not, the only valid option I see here is the network going off your current phone, in the aspect of your social media accounts being logged out, those could be avoided by the hacker, someone can change your password and still allow your account to be logged on your current device, they can operate in the background and do what ever they want to do, since your mind is not their you might not bother checking through your previously dropped posts which those hackers could easily drop a phishing link through an original post comment section or others post comment section and disable the post notifications so that you won't get any of of reaction notifications on that post/comment, few hours of their control and they can steal on your own watch.
This that just happened with Vitalik X's account is another reminder for the general public to reduce their test for greed and do not trust what ver comes out of the mouth of your celebrity influencer or what they post in their account, because a verified or trusted person dropping a link does not make the link entirely legit. The public should learn how to limit their trust and greed; it will save them from a lot of scams.
But in aspect of social media account the case is different, we can't avoid receiving emails or mobile number authentication authorization request, as they are one of the ways those apps approve signin from a new device, even when we are making use of the email and phone number security, for someone like Vitalik he should be aware that those kind of security alone is not enough for their account as influencers account is on a highest target rate now a days from hackers, most of this social media accounts have a 2factor authentication option enables on the security part of individual account, if this option was enable on his account I believed this could have been a little less possible for the hackers to access the account but not entirely impossible though.
In the aspect of the sim swap, I don't know how it's being done, but however they are doing it, it's very risky, and network providers should make things a little bit difficult for someone who is not a sim original owner to have limited access to sim details and the swap option.
Regarding how to know if your sim has been swapped or not, the only valid option I see here is the network going off your current phone, in the aspect of your social media accounts being logged out, those could be avoided by the hacker, someone can change your password and still allow your account to be logged on your current device, they can operate in the background and do what ever they want to do, since your mind is not their you might not bother checking through your previously dropped posts which those hackers could easily drop a phishing link through an original post comment section or others post comment section and disable the post notifications so that you won't get any of of reaction notifications on that post/comment, few hours of their control and they can steal on your own watch.
This that just happened with Vitalik X's account is another reminder for the general public to reduce their test for greed and do not trust what ver comes out of the mouth of your celebrity influencer or what they post in their account, because a verified or trusted person dropping a link does not make the link entirely legit. The public should learn how to limit their trust and greed; it will save them from a lot of scams.
This is really frightening. The majority of the users use their phone numbers for their account security. Even I have used my phone number for 2FA authentication for my Gmail and other social media. I think now I need to change that. In my country, mobile banking services are very popular, and many people use them every day. For mobile banking, you just need to have a mobile number, and you need to do KYC through your ID card. People store thousands of dollars in their mobile banking accounts, so if these SIM swap attacks happen in my country, this will be a total disaster.
Now Vitalik himself has come out to said the attack was through his T-Mobile phone number by sim swap and the hacker got access to his X account through requesting for the authentication through phone number.
Sim swap attack through T-Mobile is not new. I am disappointed that these kind of people with numerous followers do not protect their social media account. Twitter, now called X has 2FA and Security key hardware which Twitter users can use to protect their account.Image from Twitter securities and privacy on my Twitter account
Why would people go for text message only which is also by default. Sim authentication is not safe. Use app 2FA or hardware security key for a better security.
Just like not your keys not your coins is repeated on the forum, it seems sim swap attack warning/awareness needs to be spread as such.
It is not news again that co-founder of Ethereum Vitalik Buterin had his twitter(X) account hacked. This lead to a phishing link been posted and many lost their funds.
Now Vitalik himself has come out to said the attack was through his T-Mobile phone number by sim swap and the hacker got access to his X account through requesting for the authentication through phone number.
Vitalik prostrated that he didn’t take the security warning about sim swap serious if not now.
The takeaway is avoid taking authentication through phone numbers alone, but if we look at it accepting authentication through even E-mail is risky so the best act is to avoid storing funds on platforms that requires this.
How to know if your phone number has been swapped.
1. When you notice your network is no longer available
2. When you receive a notification from your network provider about a change of sim
3. When you can not have access to your social media accounts or any online accounts accounts again.
Once you notice one of this then you need to act fast
It is not news again that co-founder of Ethereum Vitalik Buterin had his twitter(X) account hacked. This lead to a phishing link been posted and many lost their funds.
Now Vitalik himself has come out to said the attack was through his T-Mobile phone number by sim swap and the hacker got access to his X account through requesting for the authentication through phone number.
Vitalik prostrated that he didn’t take the security warning about sim swap serious if not now.
The takeaway is avoid taking authentication through phone numbers alone, but if we look at it accepting authentication through even E-mail is risky so the best act is to avoid storing funds on platforms that requires this.
How to know if your phone number has been swapped.
1. When you notice your network is no longer available
2. When you receive a notification from your network provider about a change of sim
3. When you can not have access to your social media accounts or any online accounts accounts again.
Once you notice one of this then you need to act fast
Jump to: