How To Protect Yourself Against The Hack That Fooled Twitter’s CEO

Oscar Armas Luy
7 min read · Jan 19, 2021

If they can get Jack Dorsey they can get you… learn the simple ways to protect yourself against Sim Swapping Attacks.


Just last August, Twitter’s own CEO, Jack Dorsey, had his handle @jack compromised by a group of hackers who took the opportunity to tweet antisemitic and racist remarks to his 4.2 million Twitter followers. After researching the issue, Twitter’s team confirmed that he had fallen victim to a Sim Swapping Attack. This same attack has been used to hack other high-profile names like Jessica Alba and to drain the cryptocurrency and traditional bank accounts of normal people like you and me. Here’s an overview of how it all goes down and how to protect yourself from being next.

How Sim Swapping Works

Many secure websites and services such as banking, email, and social media now use our mobile phone numbers as a second form of authentication and to verify that we are real people. It’s easy, as basically all of us have a mobile number, and it creates a barrier to entry for bad actors who try to create lots of fake accounts. While it does provide some benefits and an additional level of security, this method has some pretty gaping vulnerabilities.

Sim Swapping is when a criminal contacts your phone company and social engineers, or tricks, them into changing your mobile connection to a device the criminal controls. As an example, they may call your provider pretending to be you and say that your cell phone has been stolen and you need them to switch your service to a new cell phone you just bought. Alternatively, they may just have an employee of the cell phone provider in their pocket who can perform the sim swap without the need for social engineering.

Once your sim has been swapped to a new device, the criminal will receive all of your text messages and phone calls. The criminal then uses your cell phone number to reset your passwords and gain access to all of your secure accounts, often helping themselves to your cryptocurrency and bank account balances in a matter of minutes. They may also lock you out of your social media or cloud storage services and demand a ransom in exchange for the safe return of your personal information. The only silver lining to this type of attack is that you’ll…
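To see how far control of a phone number reaches across your own accounts, the following added example (not part of the original article) audits an inventory of accounts and their recovery paths and follows the chain from phone number to email to everything that resets through email. The account names, recovery paths and the `exposed_accounts` helper are constructed for illustration; replace the inventory with your own.

```python
# Constructed sample inventory. For each account, list every way its password
# can be reset or a login approved. Each inner list is one recovery path, and
# ALL items in a path are required to use it. An item is either a factor
# ("sms", "authenticator", "security_key") or another account in this table.
ACCOUNTS = {
    "email":    [["sms"]],                     # text message alone resets it
    "bank":     [["email", "sms"]],            # email link plus SMS code
    "exchange": [["email", "authenticator"]],  # email link plus app code
    "social":   [["email"], ["sms"]],          # either one is enough
    "cloud":    [["email", "security_key"]],   # email link plus hardware key
}


def exposed_accounts(accounts, lost_factors):
    """Return {account: recovery path used} for every account that can be
    taken over once `lost_factors` are in someone else's hands.

    An account that falls becomes a usable factor itself, so the loop repeats
    until nothing new falls (phone number -> email -> accounts behind email).
    """
    controlled = set(lost_factors)
    fallen = {}
    changed = True
    while changed:
        changed = False
        for name, paths in accounts.items():
            if name in fallen:
                continue
            for path in paths:
                if all(item in controlled for item in path):
                    fallen[name] = path
                    controlled.add(name)
                    changed = True
                    break
    return fallen


if __name__ == "__main__":
    print("Exposed if the phone number is swapped:")
    for name, path in exposed_accounts(ACCOUNTS, {"sms"}).items():
        print(f"  {name:<9} via {' + '.join(path)}")

    # Same inventory after moving email recovery off SMS to an authenticator app.
    hardened = dict(ACCOUNTS, email=[["authenticator"]])
    print("After hardening email:", sorted(exposed_accounts(hardened, {"sms"})))
```

In the sample inventory the email account is the pivot: once it no longer resets by text message, the bank account stops being reachable from the phone number even though its own settings did not change.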

Oscar Armas Luy

Oscar is an entrepreneur and hobbyist with interests in personal finance, data science, and cybersecurity.