Android owners warned over dangerous ‘sim swap attack’ that’s already stolen thousands of dollars – an app could help

ANDROID users have been urged to stay vigilant of scammers who are trying to steal all of their money.

Cybersecurity company SecureTream has informed the masses about a scam called SIM swapping.

1

WHAT IS SIM SWAPPING?

SIM swapping comprises a threat actor getting your mobile phone account information and then transferring it onto their phone.

By doing this, the bad actor can access your phone’s data and important accounts.

This can include your private texts, sensitive photos, cryptocurrency wallets, and even your banking information.

Moreover, hackers could also access your email inbox and social media accounts.

HOW DOES IT WORK?

SIM swap attacks are carried out in two ways: physically getting ahold of your phone’s SIM card, or calling up your phone carrier and posing as you.

“In a typical sim swap scam, perpetrators deceive mobile service providers into transferring a victim’s phone number to a new SIM card under their control,” SecureTeam said.

“If they are successful, the perpetrator can then intercept text messages and calls intended for the victim’s phone,” they added.

HOW TO STAY SAFE

SecureTeam shared a list of tips that can help you stay protected from SIM-swapping attacks.

The first is to always use an authenticator app, instead of SMS text messages.

An authenticator app is a mobile application that provides an extra layer of security to your online accounts.

It works by generating time-based one-time passwords (TOTPs) that you can use to access an account.

“Instead of relying solely on SMS-based two-factor authentication, consider using an authenticator app to generate a time-sensitive code,”  cybersecurity expert Ian Reynolds of SecureTeam said. 

“This is particularly important for sensitive accounts, such as banking and email accounts,” he added.

“These apps are not susceptible to sim swap attacks, so they provide an extra layer of security.”

Users should also be wary of unsolicited calls and messages and regularly monitor their banking accounts.

“If you receive an unsolicited call or message, never share personal information without first authenticating the identity of the caller or the sender,” Reynolds said.

“If you’re concerned about the identity of someone claiming to be from a particular organization, call the organization directly using official contact information,” he added.

This post first appeared on Thesun.co.uk