A relatively new but highly disruptive hack is called “SIM swapping”. It involves an unauthorized person taking over your cell phone number, typically with the goal to reset your online passwords. They do this by calling up your cell phone provider, pretending to be you, and saying you got a new phone and can they swap the SIM chip to the new phone. If the customer service rep is duped, your phone stops working and the hacker’s phone now gets all your calls and texts. Think about when you forget a password and have to reset it. Usually, the website will text your phone a one-time code to validate your identity. Now think about how much damage a hacker could cause if they had control over all your incoming texts, even for a short amount of time! Because it requires some advance knowledge of the victim, it tends to be a targeted attack. Think someone going after their ex, or a hacker going after a business owner or CFO. The best tool we have to prevent this type of attack is to call up your cell phone provider and establish a security PIN that must be provided in order to change phones. Thankfully SIM swapping attacks appear to be very rare in my client base, but everyone should be aware that it exists.
