The SIM card of a cell phone saves the user's data in GSM phones. They are mainly used to authenticate subscriptions to a mobile operator. SIM swap is a type of identity theft that exploits the biggest vulnerability of SIM cards: the fact that it can work on any platform.
What is known ..
The extortion involving politicians made through WhatsApp and scams in credit card customers has a common method: Exchange SIM. The technique, which involves transferring a user's chip line to a blank chip, has already caused thousands of victims.
According to an estimate of the Cellular Intelligence cybernetic of the Ceará Civil Police Department, at least five thousand people had the cloned WhatsApp. And the number does not include hits that involve theft of personal accounts in social networks and bank fraud, for example.
The technique behind the blows is relatively simple. The scammer buys a blank chip and activates the victim's number. In possession of the line, he can recover account passwords via SMS and even access the WhatsApp account. If the attacker gains access to the victim's email, he can even retrieve the backup of the conversations in the message application.
But how can you activate a line on a blank chip? This option is offered by all operators and is used for cases such as chip loss or cell phone theft. The portability between operators follows the same logic. In thesis, only the owner of the line could make those changes.
In practice, the swap of the Swap SIM involves two possibilities: social engineering, with a criminal with false documents going through you in a store or the participation of an officer of the operator.
How to protect yourself
There are a series of measures that users can take to avoid hits that involve the Swap SIM technique. The recommendation of the experts is that they use two - factor authentication to their accounts, but never through SMS. "The mobile phone number is not ideal as a security factor, so if you are going to use two-step authentication, never use SMS. "I recommend third-party applications that generate tokens," warns Leonardo Souza, cybersecurity expert at Trend Micro.
Two-factor verification (2FA) greatly reinforces the security of your accounts. It works like this: when you log in to a service, enter your password. After that, you will be asked for a code that has been sent to your phone. Only after inserting this code you will have full access. That is, even if they know your password, it will be necessary to have physical access to your mobile phone.
As we discussed in a text about the escape of passwords and reinforcing the suggestion of the expert, escape the code sent by SMS. If your line is stolen, it will not advance much. Once you have an application like Google Authenticator, available for Android and iOS, this possibility is eliminated.