Social Media and SIM Skimming

Earlier this year, and X/Twitter account was hacked, allowing misinformation to be posted from this trusted account. Unfortunately, this is not an unfamiliar story, social media accounts have been hacked before as anyone who has received an off message form a friend knows by now. So why was this instance newsworthy? The hacked account belonged to the US Securities and Exchange Commission, if a trusted entity such as this can be hacked and misinformation spread, it brings into question the security of social media accounts belonging to businesses or government entities. 

What is SIM Skimming?

SIM skimming, otherwise known as SIM swapping, or simjacking, is the process used by fraudsters to gain control of an individual's phone number. Once the fraud has access to the phone number, they can use it to gain access to connected accounts such as banking, social media, business-related, etc. When you forget your password, do you ask for a text confirmation? If you've been SIM skimmed, the fraud is now receiving that text message and now has the power to change your password and give themselves sole access. 

You may be wondering how they got access to your phone number, well from you of course. A common technique used is phishing, in which the hacker manipulates a victim into revealing information about themselves, usually be posing as a trusted individual. Once they have the right information, the hacker will call your service provider, convince customer service they are you and gain access to the phone number and account. 

How Can You Protect Yourself?

• Stay up to date on cybersecurity tactics and help identify techniques, such as phishing, is the first line of defense. Knowing your risks means knowing what to look for to prevent an unwanted situation.
  
  
• Using authenticator apps instead of connecting to an email or phone number is an excellent solution. These types of apps are tied to your device, not your phone number, leaving the hacker out in the cold. 
  
  
• Keep your phone account secure. Many providers will assign a PIN number to an account, be sure your PIN is strong and secure. If you're being phished, there's a chance the hacker can guess your PIN so having a strong and not easily guessed number is highly effective. 
  
  
• Finally, always stay on top of your accounts. The account owner will be the first to know if there is strange activity. The soon an individual notices these inconsistencies, the sooner action can be taken and minimize any potential damage that can incur. 

Be sure you're staying up to date on your cybersecurity measures and cyber-attack tactics.