Wednesday, October 9, 2019

SIM Swapping and Phishing makes Two-Factor authentication vulnerable: Here's how to protect yourself



SIM swapping is a technique used to overcome two-factor authentication. Sounds harmless, right? And no, it's not about replacing your old SIM with a new one. It actually poses a serious security threat: pretty much a group of underground hackers selling your online accounts. SIM card swapping is a crime that attracts a 220US$ lawsuit.

In a SIM swap, someone convinces your phone provider to switch your phone number to a SIM card in their possession. Once they've got access, getting into all your online accounts becomes very easy. You may be asking how and why. When someone seizes ownership of your SIM card, they can use it to bypass the two-factor verification on all your online accounts, and then do anything from selling your Twitter or Instagram handles to emptying your cryptocurrency wallets. Remember, many online services rely on your phone number this way, so the average internet user is exposed to these consequences.


How to protect yourself...


You should contact your network provider to make sure your SIM card is protected by a PIN, so that any changes made will require you to type the PIN. Use a better form of two-factor authentication: consider using an app like Google Authenticator rather than the SMS feature. The authentication code is generated on the phone itself rather than sent to the phone number, which is much more secure. Any cryptocurrency wallets linked to your phone number should be changed ASAP.

Phishing

This is one of the most popular online scams around. Ever received an email from your bank asking you to log into your account and fill in your details? That email could be a fake copy sent by someone using the phishing technique. The form could be so convincing that you could easily give out your login and other personal banking information. Personalized phishing attacks can be especially dangerous, and they are referred to as spear phishing. The 'phishers' normally have prior information about you. They may have looked you up on social media or in online public records. These details are used to tailor email scams, which are then more likely to yield results.

What you can do to be safe:

  • Check the emails you receive carefully before sharing personal information.
  • Before you click on any link, check if it's from the actual company. Find a legitimate number and call.
  • Triple check the link to ensure it matches what you normally log in with.
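The link check from the list above, written out as an added example (it is not part of the original post). The trusted-domain list and the sample links are constructed assumptions; replace the list with the sites you actually log in to.

```python
from urllib.parse import urlsplit

# Assumption: the domains you normally log in with (constructed list).
TRUSTED_DOMAINS = {"instagram.com", "mybank.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return False, "link could not be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname in link"
    # Text before '@' is login info, not the site; the real host follows it.
    if userinfo is not None:
        return False, f"text before '@' is a decoy, real host is {host}"
    # Punycode labels can be displayed as lookalike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, f"punycode host {host} may be a lookalike"
    # Accept the exact domain or a true subdomain of it. A trusted name
    # used only as a prefix (instagram.com.evil.example) does not match.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, f"matches {domain}"
    return False, f"{host} is not a domain you normally log in with"


# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.evil.example/login",
    "https://instagram.com@evil.example/login",
    "http://instagram.com/accounts/login/",
    "https://xn--instagrm-9za.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK     " if ok else "SUSPECT", link, "->", reason)
```

Only the first sample passes; the others fail on the hostname, the `@` decoy, the scheme and the punycode label respectively.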

PS: Instagram just added a new feature that enables users to distinguish between legitimate emails and phishing scams. The new update contains a menu titled 'Emails from Instagram'. It lists every email that has been sent to you over the last 14 days. Any email in there is definitely legitimate and you can safely click on the links. If the email is not in there, you should probably delete it. If the worst comes to pass and your account gets compromised, you should follow the instructions provided by Instagram on its help page. This update is now rolling out and may take time to appear in your settings.

Everyone ignores these, never realizing they are the basic loopholes hackers use to exploit or take advantage of you. Take the initiative now! Do not wait for the effects to be catastrophic.
