The best thing you can do to shore up your online security is to set up two-factor authentication (2FA) on every service that allows it. However, there is a new form of scam going around that attempts to make an end-run around 2FA and defeat all the password protections and blocks you might have on your accounts.
This new form of scamming, called SIM swapping, is deceptively simple. All that scammers need to do is get the PIN for your mobile carrier account, and then call your carrier posing as you. While on the phone, they use your PIN to have your phone number moved to their SIM card, essentially stealing your phone number and causing all messages meant for you to go straight to the scammer’s phone.
This is a huge problem because many forms of 2FA send a message to your phone number to verify that it’s you trying to log in. If someone has taken over your phone number, it’s only a matter of minutes before they’re able to break into most of your online accounts.
There are ways to prevent SIM swapping from taking place altogether. For one thing, you need to set up a strong, unique PIN code with your carrier that is used for any changes to your account. From there, make sure you update your PIN often. Moreover, make sure that you have the phone number for your carrier saved in your phone in case you detect that your SIM has been swapped.
You can tell that your SIM has been swapped if your phone suddenly loses all service for no discernible reason. Use someone else’s phone to make a call to your carrier immediately and tell them that someone has managed to hack into your account and that you need to reverse that number swap right away.
Sadly, you’re never truly safe from scammers. Some researchers have proven this by calling mobile carriers and posing as other people, saying they had forgotten their PIN, and “proving” who they were by giving the operator the phone numbers of recent calls made from the phone whose owner they were impersonating.
A scammer could easily fake this by tricking you into calling a number, then telling an operator that they’re the account owner and citing the number they tricked you into calling. This is all very scary, and it’s a great reason to rely on app-based two-factor authentication instead of the text-message-based kind. Stay smart, stay vigilant, and don’t let anyone online take you for a fool.