Keep your payment wallets safe: what to look out for in a SIM port attack

sim port attacks

Payment wallet providers like MuchBetter are continuously improving the methods we use to protect our customers’ accounts and money. Two factor authentication, biometrics and dynamic passwords add multiple layers of protection that makes it hard for an attacker to hack your accounts.

But cyber attackers are persistent and are constantly looking for ways to get around the controls you have in place. This is the case with a SIM port attack, an attack that involves the hacker having enough identifiable information about you to be able to port your mobile phone’s SIM card and take control of all accounts linked your phone.

What happens in a SIM port attack?

A recent article on Medium provides a timeline of how a SIM port attack took place, draining the victim’s Coinbase account of $100,000.000. He describes feeling anxious, remorseful and embarrassed following this attack, not least because if he had spotted key tell-tale signs he might have prevented the attacker getting hold of his cash.

Here’s what happens in a SIM port attack:

1. The attacker gets enough personally identifiable information so they can impersonate you and request to port your SIM card to a device they control,
2. The attacker initiates the password recovery on the email account associated with your SIM,
3. Since they control your SIM they get the verification code and can now reset your password and access your email,
4. With control of your email account they can request password resets on all the online accounts where your email address is used as an authentication source – such as social media, bank accounts etc.

This type of attack is far from opportunistic, victims are targeted based on the information they share online. It’s also an attack that can take time, from the initial SIM port request to the attacker getting their hands on your money. In fact, 24 hours in the case of the Coinbase customer attack, as Coinbase has a 24 hour password reset delay.

What are the tell-tale signs of a SIM port attack?

The victim in this real life attack is very honest about the signs he should have spotted: which, had he acted on, would have saved him a lot of money. They are:

• Sudden loss of mobile signal – when the attacker took control of the victim’s SIM card, he lost his mobile phone signal.
• Online accounts asking you to login again – the attacker reset passwords on email and other accounts, triggering these accounts to ask the victim to login again.
• Passwords no longer work – the victim is locked out of his accounts, his passwords no longer work.
• Unexpected messages from mobile provider* – while the victim in this case didn’t receive any messages from his mobile provider, some providers will send a SMS when a SIM port request is received.

* If you’re calling back the mobile provider always use numbers from their own websites rather than relying on a message which might be originating from the hacker.

Many of the signs above are things you might have experienced for other reasons, such as a temporary problem with your mobile provider. You might not experience all of these signs either, so it can be easy to dismiss them as just a glitch.

However, if you have a high risk profile, like the victim in this recent attack, be aware that you could be targeted. Treat any unexpected activity as a potential threat and get in touch with your mobile provider, bank and other online service providers. Be wary about sharing social information publicly.

MuchBetter’s security team is constantly monitoring threats like SIM port attacks and improving our security features to protect our customers. Make sure you update your MuchBetter app when new versions are made available, as this will improve the security of your account.

Read more by Paul Gent