SIM Swapping: Criminals use common security feature to access bank accounts

Phone theft is on the rise across the county.

But crooks aren't stealing your smartphone, just all the data on it.

It’s called SIM-swapping, and once it’s done your bank accounts will likely be empty.

Channel 9 consumer adviser Clark Howard sat down with a cyber security expert who explained that this type of theft is sometimes an inside job.

Phone carrier employees sell customers’ data on the dark web. Clark learned there are ways to protect yourself.

Two-factor authentication is a common security feature to protect your information. Codes are sent to your phone when you access your bank accounts, credit cards and retirement funds to confirm that you, and not a thief, are logging into the account.

Criminals are exploiting this security feature to rob you blind. It’s called SIM-swapping.

“What that is, is where an attacker, through a couple of different ways, gets control of your phone number. And they do that normally through calling the provider, switching out phones and taking over your number,” explained former FBI analyst Willis McDonald. McDonald specializes in cyber threats.

McDonald told Howard that criminals often work with an employee at the phone company. Thieves often watch your habits and plan a SIM-swap attack for when you're at work or on vacation.

“One trusted person who might even be a contractor for a cell phone carrier can exploit this vulnerability to take your service away from you. And you don’t even know till you wake up the next day,” Howard said.

“That’s exactly how this works,” McDonald said.

McDonald said criminal markets offer SIM-swapping services that range anywhere from $900 to $10,000, depending on whose SIM you're swapping.

“Somebody like Clark Howard probably closer to the $10,000 mark. Everyday citizens, maybe $900,” McDonald said. He showed Howard examples of personal information for sale online.

Howard said there are three steps you can take to protect yourself.

First, call your provider and ask for enhanced security features to be added to your account, such as requiring more information before a swap is made.

Second, get a hardware key or token.

McDonald said hardware tokens like YubiKey or Google Titan keys allow you to use a piece of hardware to actually log into your account rather than passwords or text.

Third, if your provider won't let you use a hardware key, both Howard and McDonald say a rolling-code authenticator such as Microsoft Authenticator or Google Authenticator is the next best thing.
