How To Protect Yourself Against The Hack That Fooled Twitter’s CEO

If they can get Jack Dorsey they can get you… learn the simple ways to protect yourself against Sim Swapping Attacks.

Photo by Pixabay on Pexels

How Sim Swapping Works

Many secure websites and services such as banking, email, and social media now connect our mobile phone numbers as a second form of authentication and to verify that you are a real person. It’s easy as basically all of us have a mobile number and it creates a barrier to entry for bad actors who try to create lots of fake accounts. While it does provide some benefits and an additional level of security, this method has some pretty gaping vulnerabilities.

First Things First — Enabling 2FA

Despite the risks of Sim Swapping, you should always enable 2 Factor Authentication (2FA) on your accounts. This will keep your accounts safe by requiring a secondary pin sent to your mobile phone in addition to your username and password to gain access to your accounts. 2FA is now a standard feature with most secure services and can be enabled in your login and security settings.

Your First Line of Defense — Ditch SMS

The simplest way we can protect ourselves is to choose app-based 2FA when available. While having 2FA enabled is always better than not, many services offer two flavors of it. The most common is SMS-based which sends an SMS to your cell phone and is vulnerable to Sim Swaps. The less common but more secure is app-based authentication. Rather than send you a text message, your authentication code is generated by an authenticator app on your mobile device, the most popular being Google Authenticator (iOS, Android).

The Best Solution — Private Phone Number

Although in a perfect world an Authenticator app would solve all of our problems, the challenge is that many websites do not support app-based authentication. Anecdotally, all of my bank accounts and credit cards offer SMS-based identification as their only option. So how are we to protect ourselves?

What About Free VoIP Phone Numbers?

Google Voice and many other services actually allow you to register a phone number for free, so why aren’t we using those? You can try it — but most services don’t accept VoIP numbers. The reason why is simple: they are easy and cheap to obtain anonymously so they’re commonly used by criminals and other bad actors.

Conclusion

While there is a minor cost and time commitment to implementing this safety measure, it pales in comparison to the financial and emotional complications of a data breach. This solution will effectively protect you from the large majority of cyber threats without that much effort on your part. Cybersecurity is certainly one area where it pays to be proactive!

Oscar is an entrepreneur and hobbyist with interests in personal finance, data science, and cybersecurity.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store