In the wild and ever-evolving world of cryptocurrencies, we're often preoccupied with securing our digital assets against hackers, wallet vulnerabilities, and phishing schemes. But what about a less talked-about threat that's creeping up in the shadows? I'm talking about SIM swapping, a nightmare that can turn your crypto world upside down. 3NUM specializes in building products that protect users from precisely this kind of mobile fraud. In this article, we’ll share seven vital security practices tailored for crypto users to keep the SIM swappers at bay.
1. Understand the SIM Swapping Threat
SIM swapping is a fraudulent practice in which hackers take control of your mobile phone number for the purpose of intercepting sensitive SMS 2FA codes for accessing your accounts. If you want to learn more about SIM Swaps, check out this in-depth article we wrote we Webacy here.
A Word from 3NUM's Founder: Our founder, Chris Boscolo, fell victim to this very form of mobile fraud in 2019, which inspired the creation of 3NUM. With a background in security, the damage was minimized, but it left Chris feeling deeply violated and determined to put an end to SIM swapping once and for all.
2. Replace Insecure SMS 2FA Wherever Possible
SMS 2FA is horribly insecure and should not be used whenever possible. This is the most effective thing users can do to secure themselves against the risk of SIM Swaps. Instead, opt for more secure 2FA/MFA methods (we will discuss this next).
3. Use Strong Authentication Methods For All Your Accounts
When it comes to your accounts, passwords are your first line of defense. Using strong and unique passwords is non-negotiable.
Opt for passwords that include a mix of upper and lower-case letters, numbers, and special characters. The longer and more complex, the better.
Biometric Authentication and Hardware Security Keys:
Where possible, leverage biometric authentication methods, like fingerprint or facial recognition. Additionally, hardware security keys are a rock-solid choice for protecting your assets.
Multi-Factor Authentication (MFA):
Enable MFA on all your accounts. This adds an extra layer of security by requiring a second form of verification, such as a one-time code from an authenticator app.
A word from 3NUM’s Founder: When Chris was getting SIM Swapped, he was initially tipped off because he was getting alerts from a tool called Authy, which he had evaluated, but never end up using because it defaults to insecure SMS 2FA - a foundation made of sand! When choosing an authenticator tool, make sure you choose one that doesn’t set up users for failure.
4. Limit Personal Information Exposure
Oversharing personal information online can be an open invitation to SIM swappers.
Social Media Vigilance:
Be cautious about the information you share on social media. Revealing too much about yourself, like your location or personal details, can make you a target.
Secure Personal Data:
Consider limiting the exposure of sensitive information, such as your phone number, email address, and home address.
Unfortunately, just knowing your name could be enough for a hacker to pull off a SIM Swap, but the more precautions you take, the better!
5. Get A Service Built For Preventing SIM Swaps
If you are using a traditional telco provider like T-Mobile or Verizon, you are at risk of being SIM Swapped. Use services like 3NUM which are purpose built for stopping SIM Swaps.
If you continue to use insecure mobile services, then there are steps you can take to protect yourself, but are most certainly NOT a guarantee.
Set SIM PINs
SIM Pins should NOT be treated as adequate protection from being SIM Swapped, as they can be easily bypassed by telco employees, but they can provide minimal protection, and should be used wherever possible.
6. Monitor Your Accounts Regularly
Regularly checking your accounts for any unauthorized activity is a proactive approach.
Set Account Activity Alerts:
Many crypto platforms offer the option to set up account activity alerts. This can notify you of any suspicious logins or transactions.
Quick Detection and Response:
In the unfortunate event that a SIM swapping attempt occurs, swift detection and response are critical. The faster you react, the less damage the attacker can do.
7. Prepare for the Worst: Backup and Recovery
Lastly, consider preparing for a SIM swapping incident by having a backup and recovery plan.
Create Secure Backups:
Generate secure backups of your crypto wallet keys and store them offline, ideally in a secure physical location or a hardware wallet.
Recovery Steps and Emergency Contacts:
Know the steps to take in case of a SIM swapping incident. Maintain a list of emergency contacts, including your mobile carrier and crypto exchange, for quick assistance.
In the realm of cryptocurrency, where the stakes are high, SIM swapping is a growing concern. The seven vital security practices outlined in this article can help you protect your digital assets and ensure you're not the next victim of a SIM swapping nightmare. Stay vigilant, stay informed, and share these practices with fellow crypto enthusiasts.
Stay safe, and happy crypto trading!