
Topic: Unfortunately, this problem is increasing yearly - page 2. (Read 311 times)

sr. member
Activity: 518
Merit: 418
SIM swapping can happen when someone who works for your mobile service provider isn't well-trained or well-paid. This can lead to security issues sometimes.

The company that provides your SIM card should take responsibility because they are in charge of their employees. In the end, the company is more responsible than the individual employee, especially if the employee has to do shady things to make extra money outside of their job. This problem often occurs when someone loses their SIM card.

One way to prevent this is by setting a PIN for your SIM card on your phone. I do this, and it asks me for my PIN whenever I restart my phone. I think even a mobile service representative would need to know my PIN to access my SIM card. Does this protect against SIM swapping? I thought it did, but I'm not entirely sure.
hero member
Activity: 938
Merit: 605
Unfortunately, SIM swapping attacks are still growing rapidly; in this month of August I got bad news about two U.S.-based family friends losing over 45 ETH and 0.7 BTC because of SIM swap attacks.

What I have been able to gather is, the telco guys working inside AT&T and other telecommunication companies are the ones bypassing all security measures; now not even your SIM SMS 2FA codes can save your ass from these guys.
That's the inimical aspect of centralized entities: we are worried about centralized exchange risk and, as if that's not enough, another has surfaced from the telecom service providers. This attack transcends SIM card swapping, deep diving to ATM card swapping too in my countryside, so it ain't something peculiar only to the USA.

Quote
1. Separate your crypto away from your SIM card number.

2. Stop using your phone number to get verification codes for crypto exchanges and other crypto-related platforms.
It's very easy to rob a person of his money through a phone number, as it can be easily cloned, apart from swapping. I do use a two-factor authentication code system where I have to receive an OTP through my verified email after inputting my personal password. It can't be that possible to clone a Google email compared to a SIM card number.

Quote

3. Stop storing crypto on exchanges, e.g. Coinbase, Crypto.com and Binance exchange.
All these CEXs have a unique use, not disputing their importance in some way, but they ain't reliable as a place for storing cryptos. I do use a CEX like Binance for certain transactions and trades, but it's never an option for storing my funds any day, any time. A CEX is a CEX no matter what.
sr. member
Activity: 2520
Merit: 280
Unfortunately, SIM swapping attacks are still growing rapidly; in this month of August I got bad news about two U.S.-based family friends losing over 45 ETH and 0.7 BTC because of SIM swap attacks.

It's unfortunate, but it could be avoided completely if they opted for 2FA via apps like Google Authenticator instead of receiving it via SMS, but most exchanges encourage setting up 2FA as one of the mandatory security procedures to withdraw their cryptos.

IMO, SIM swap attacks are far more dangerous to the traditional banking system than cryptos, because if someone is able to swap SIMs they can gain access to the respective bank accounts with ease, and all the money will be drained before the actual owner notices. That is why users need to be aware of where they use their personal information, like giving a national ID to random verification, etc.

But in this case, it's done by the telecom employees, which can't be avoided no matter what, but they will face the consequences because it is a felony, and most likely they will end up in prison for decades.
legendary
Activity: 2184
Merit: 1302
There is a big problem with people in the UK and US when it comes to crypto: they like storing their coins on exchanges, thinking that those 2FA codes and one-time passwords for transactions will save them, which is not impossible for SIM swap attacks.
Is this a problem peculiar to U.K. and U.S. citizens? There are quite a lot of people around the world from different nationalities who use exchanges as a bank; they are either lazy, have no knowledge of crypto, or they don't want to take the responsibility of being their own bank. A SIM swap attack is definitely a problem, but there are other problems for people who use exchanges as banks, problems such as hacks, data leaks and asset confiscation.
hero member
Activity: 1414
Merit: 670
A lot of these problems would've been mitigated if only people used one-time codes from authenticator apps like Google Authenticator and Aegis; but unfortunately SMS 2FA is still the most user-friendly option out there. And again unfortunately, not every service supports one-time code 2FA — understandably so because of SMS-fa being far easier customer support-wise.
Other than the ease factor, most people prefer it because they know that if the Google Authenticator app or the phone is gone and they have no backup keys, like account login details, then it will become almost impossible for them to retrieve the funds. So yeah, people prefer to use an easy, simple and secure way.

But as OP mentioned in his post, the best practice is not to hold your assets on exchanges for a longer period of time. It is the best advice, because the FTX exchange really made the lives of many miserable just due to some mistakes. But those who took extra measures are in good condition because they knew the science behind "not your key, not your coin".

AT&T is a big company and, to be honest, I do not really think that company is behind such scams; instead someone must have gotten access to the upper level of brain, so that they are able to lure AT&T staff into such scams.
hero member
Activity: 1386
Merit: 513
I did not know about SIM swap before, but your post really made me read about it. Like you said, AT&T might be behind it (of course you did not directly call their names), as they are the ones who will retrieve a new SIM card with the same number and recover it for you too. It means they can do it. Then, after reading an article, I came to know that the author of that article says hackers or scammers try to contact those AT&T-type cellular companies.

And they ask to change the SIM card, and they make any excuse to ask them to recover their SIM, while they already have all the details about the person whom they are going to scam. Well, once the personal details are leaked, those scammers would easily convince the service providers that they are the real owner of the SIM number. But in reality they are not.

Point is, we should definitely not trust cellular OTPs or centralized exchanges, and I agree with you on that. But we should also try not to share all our essential information with anyone, because personal details cause most of the damage.
https://www.avast.com/c-sim-swap-scam
hero member
Activity: 862
Merit: 662
The issue of Swap SIM attacks is a concern that extends beyond cryptocurrencies, affecting traditional banking and any accounts reliant on SMS-based 2FA.

The heart of the problem lies with the centralized exchanges. Remember, "Not your keys, not your crypto" holds true even in this context. Entrusting your assets to these platforms puts you at risk without doubt.

One potential solution could be to transition away from SMS-based verification in favor of one-time password codes. OTPs are typically more secure than SMS, as they are generated independently and are less susceptible to interception. However, it's worth noting that even this approach has its own set of challenges.

In the event of a Swap SIM attack, your email account could also be compromised. For instance, Google recently introduced a feature that backs up your 2FA secrets from the Google Authenticator app to the cloud. While this might be convenient for users, it does introduce a new layer of vulnerability. In this scenario, even OTPs may not provide foolproof protection.

To address these issues, it's essential for both users and service providers to remain vigilant. Service providers need to continually assess and improve their security measures to stay ahead of emerging threats like Swap SIM attacks.
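Added example, not part of any forum post: the app-generated one-time codes recommended in this thread are TOTP values (RFC 6238), computed locally from a shared secret and the clock, so the phone number plays no part in them. The secret below is the public RFC 6238 test key and the function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 6238, base32-encoded
# the way authenticator apps import it. Never reuse it for a real account.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """Return the RFC 6238 TOTP code (HMAC-SHA1) for the given moment."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)   # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, unix_time: int,
           drift_steps: int = 1, step: int = 30) -> bool:
    """Server-side check: accept codes within +/- drift_steps time steps."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        moment = unix_time + delta * step
        if moment < 0:
            continue
        expected = totp(secret_b32, moment, len(code), step)
        # compare_digest avoids leaking a partial match through timing
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


if __name__ == "__main__":
    # Two independent "devices" holding the same secret agree on the code.
    print(totp(DEMO_SECRET_B32, 59), verify(DEMO_SECRET_B32, "287082", 59))
```

Anyone holding a copy of the secret computes the same codes, which is why where the secret is stored or backed up matters as much as moving off SMS.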
hero member
Activity: 504
Merit: 1065
A lot of these problems would've been mitigated if only people used one-time codes from authenticator apps like Google Authenticator and Aegis; but unfortunately SMS 2FA is still the most user-friendly option out there. And again unfortunately, not every service supports one-time code 2FA — understandably so because of SMS-fa being far easier customer support-wise.

I agree, and if it's ever useful to anyone, it's good to know that there's a reliable open source alternative to Google Authenticator which is FreeOTP.

I've been using it for years and never had a single problem. I remember that a recent update of Google Authenticator gives users the option of saving their 2FA keys in the cloud. It's not mandatory, but I think people should be careful with this app. A mistake or mishandling can happen very quickly.
hero member
Activity: 2212
Merit: 805
It's unfortunate whenever I come across news like this. The truth about the matter is that since there is a centralized risk, issues like this will be inevitable.

- The problem is not only about users; developers themselves need to look at other alternatives for two-step authentication.

- Self-custody still rules it anyway. Even if it involves risks, the benefits outweigh the shortcomings for sure.
mk4
legendary
Activity: 2870
Merit: 3873
A lot of these problems would've been mitigated if only people used one-time codes from authenticator apps like Google Authenticator and Aegis; but unfortunately SMS 2FA is still the most user-friendly option out there. And again unfortunately, not every service supports one-time code 2FA — understandably so because of SMS-fa being far easier customer support-wise.
sr. member
Activity: 728
Merit: 388
Unfortunately, SIM swapping attacks are still growing rapidly; in this month of August I got bad news about two U.S.-based family friends losing over 45 ETH and 0.7 BTC because of SIM swap attacks.

What I have been able to gather is, the telco guys working inside AT&T and other telecommunication companies are the ones bypassing all security measures; now not even your SIM SMS 2FA codes can save your ass from these guys.

SIM swapping is easier for them because, remember, if we lose a SIM card or it gets damaged, we can easily retrieve it with their help: they will redirect your number to another new SIM card, and you are back online. This makes telecommunications dangerous when it comes to crypto.

Let's stop deceiving ourselves; there is no solution to this attack other than:

1. Separate your crypto away from your SIM card number.

2. Stop using your phone number to get verification codes for crypto exchanges and other crypto-related platforms.

3. Stop storing crypto on exchanges, e.g. Coinbase, Crypto.com and Binance exchange.

There is a big problem with people in the UK and US when it comes to crypto: they like storing their coins on exchanges, thinking that those 2FA codes and one-time passwords for transactions will save them, which is not impossible for SIM swap attacks.

This was also why most people living in the U.S. and the U.K. are the biggest victims of FTX. Why these people prefer storing crypto on platforms and exchanges is worrisome; they are their own problem, because crypto was never built to be kept on any exchange.