SIM Swap Attacks More Common: How to Protect Yourself

Рет қаралды 12,847

Күн бұрын

SIM swap attacks happen when a malicious actor convinces your cellular provider to port your cellphone number to a new SIM card or new cellphone. In doing so, they can gain access to everything that is important to you online. In this video, I walk through what a SIM swap attack is, recent high profile cases of individuals who have lost high value assets through SIM swaps, and why it's not just about cryptocurrency. If you have anything of value secured by SMS-based two-factor authentication, you could fall victim.
We'll walk through two timelines of late-night SIM swap attacks so you can watch for signs should this ever happen to you. As well, I give you some strategies to keep yourself safe from these types of attacks.
Timestamps
0:00 Intro
1:19 What is a SIM Swap attack
2:25 Are you a target for SIM Swap? What's your attack surface?
3:40 Vitalik Buterin loses Twitter/X account via T-Mobile SIM Swap
4:50 Kroll Employee SIM-Swapped for Crypto Investor Data
5:43 Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Crypto Hack
7:38 Timeline case #1
9:35 Timeline case #2
11:32 How to protect yourself and your assets from SIM Swap attacks
Links
cointelegraph.com/news/bitget...
/ vitalikbuterin
www.dlnews.com/articles/peopl...
krebsonsecurity.com/2023/08/k...
www.forbes.com/sites/iainmart...
/ my-worse-fear-have-com...
/ 35de11517124
github.com/lrvick/security-to...
haveibeenpwned.com/
The Zantastic Newsletter
kathyzant.com/
Get the WordPress Security Mini-Course:
zant.fyi/mini-course-yt
===========================
Connect with me!
===========================
Tik Tok: ➡︎ / kathyzant
Instagram: ➡︎ / kathyzant
Facebook: ➡︎ / kathyzant
LinkedIn: ➡︎ / kathyzant
Website: ➡︎ www.zant.com/
#simswap #2factorauthentication #cryptohacks

Пікірлер: 37

@KathyZant 4 ай бұрын

New! Take the WordPress Security Mini-Course. Introductory price at $39 until 4/30/24. Learn more here: bizsecured.com/wordpress-security-mini-course/

@equilibria74 5 ай бұрын

Telecommunications companies need to start monitoring their contracted workers. It's done from the inside.

@knotox Ай бұрын

Cloaked Wireless is the only real protection against SIM swap attacks. They prevent staff from modifying accounts. Only the customer can do that.

@SeanKerns 10 ай бұрын

Whoa! Thanks for the heads up. I never knew this kind of thing was even possible.

@KathyZant 10 ай бұрын

No problem! It hasn't been super common, but seeing it more in the crypto space, which means it has potential to affect us all eventually. Usually security crap happens in crypto first, then it starts happening to the rest of us.

@denzray Ай бұрын

happened to me once, I got it resolved but it was a pain in the arse calling tech support that also has no idea of what to do.

@jamesmarchetti3286 5 ай бұрын

Wow !!! What a great learning and technical video !!! So I this definitely leads me to do a like, Subscribed and Shared !!! And notifications bell !!! 🤗 👏👏 !!! I study and research these types of things all the time !!! 🎉 !! Thank you Teacher 😊 !!!

@KathyZant 5 ай бұрын

Thank you so much for the feedback.

@markallen8226 5 ай бұрын

Thanks Kathy, learned so much.

@KathyZant 5 ай бұрын

Glad it was helpful!

@markallen8226 5 ай бұрын

Cheers.

@kristylopez1418 Ай бұрын

Thanks for the great information and advice, Kathy, on SIM Swapping and I have just subscribed to your channel. Just have a question. I'm an old timer and have been using PC online banking since the inception way back when. Since the beginning of Social media and mobile banking I have refused to use both, therefore I have very little on line personal info out there. I don't store any passwords on my phone and only use my phone mainly for texting and browsing. I know boring. I emailed my bank and they don't use a security key method as 2 factor authentication method but I think I will buy a security key for the other sites that allow it. I have setup a second email account for my financial stuff as a precaution as my main gmail account has been breached. So my question is, will I still be some what vulnerable to SIM swapping? Also if I sign into my bank, on my PC, and my code gets sent to SMS text can the jerks get into my account? Thanks and have a great day.

@OwenGilmoreOG 5 ай бұрын

Thank you 🙏 - better content than a lot of other security KZbin channels. I noticed that my phone provider has SIM card protection. Any thoughts about that?

@KathyZant 5 ай бұрын

Thank you, I appreciate that! I'd inquire with your provider to get a full understanding of what SIM card protection means to them. If you have it turned on, what does that do? What has to happen in order to turn it off? Here's an article I found (though a tad old) about Verizon's protections, not foolproof. www.vice.com/en/article/3azv4y/verizon-sim-swapping-hack-protection-number-lock

@got_glintsp963 4 ай бұрын

I’ve been hacked. Yep. I wasn’t thinking with an evil mind. I’ll be going to Verizon tomorrow and changing everything. The funny but sad thing is, I have ZERO money or assets. Since divorce, then long term illness ..:I’ve been through bankruptcy. I’ve gone through ALL assets I did have to apply for SSDI. I HATE PEOPLE WHO DO THIS

@KathyZant 3 ай бұрын

I'm so sorry you were victimized.

@independent-ts6ys Ай бұрын

The Feds are illegally doing this using a device called an "IMSI CATCHER". Nicknamed "Stingrays". Google it 👍

@bobh9817 5 ай бұрын

Question. I upgraded my security with Apple using a hardware key. Supposedly not even Apple can access my account. I also have the standard PIN and SIM PIN on phone. Will these do ANYTHING to thwart someone at the carrier doing a SIM swap from within?

@HockeyJock 5 ай бұрын

These are great questions. I hope she comes back and answers for us!

@KathyZant 5 ай бұрын

If it’s an inside job, there are a lot of unknowns from the outside. What internal controls do they have in place? Assume none. But it might make a good interview subject for the carriers. I’ll see what I can find out.

@KathyZant 5 ай бұрын

Answered. Essentially trust no one. But I’m digging deeper.

@KathyZant 4 ай бұрын

As a follow up, another video that is related. Stop using one email address for everything: kzbin.info/www/bejne/o3u6f4CgrdqDsM0

@databae1 Ай бұрын

do you recommend cloaked wireless for cell service?

@KathyZant Ай бұрын

I am liking what I am seeing. They definitely understand the problem. Doing some research now, but they're saying all of the right things.

@DJ_20_THOR_7 3 ай бұрын

How'd they do that when there's a picture on the id?

@KathyZant 3 ай бұрын

There could be a number of methods including fake IDs or social engineering a support rep to bypass id verification.

@joycewright5386 4 ай бұрын

Doesn’t the scammer first need to know who my carrier is in order to switch SIM card? My next question is even if they try to change my bank password won’t they first have to know my sign on or at least the answers to my security questions?

@KathyZant 4 ай бұрын

There are only a handful of cellular providers. Once they have a SIM swap complete, they'll initiate a password reset on email first. Once email is taken over, they move on to the target platforms like banks, crypto exchanges, etc. The takeover of the cell number is just the first step. Thanks for asking. If you have more questions, let me know and I will do my best to answer.

@shinola228 4 ай бұрын

I recently made a new email account that is only for financial institutions. That way no one has any idea where to even start looking to recover a user name and password. And of course there's no mention of the bank l use either on my phone - not even in my contacts. So anyone who might get control of my phone is going to have a real challenge getting to my money.

@joycewright5386 4 ай бұрын

@@shinola228 good idea!

@joycewright5386 4 ай бұрын

@@KathyZant thank you!

@KathyZant 4 ай бұрын

@@shinola228 Smart moves right there! I just posted a video this morning about protecting email and not having that "one email address" that I see people do all too often. Just like you're doing! kzbin.info/www/bejne/o3u6f4CgrdqDsM0