The SIM swap case is currently being widely discussed. This is not the first SIM swap crime. Previously, Twitter boss Jack Dorsey became a victim: his social media account was hacked after the cellphone number connected to his Twitter account was hijacked by cyber criminals. The hackers, who called themselves The Chuckling Squad, were later arrested. Now, in Indonesia, Ilham Bintang has revealed through his social media account that he lost hundreds of millions of rupiah after his SIM card was taken over by a criminal. Ruby Alamsyah, CEO & Chief Digital Forensic Indonesia, said the crime used the SIM swap method, that is, swapping SIM cards.
The culprit took over Ilham Bintang’s SIM card by asking staff at the Indosat store to replace the SIM card registered in Ilham Bintang’s name. According to Indosat’s account, the person who requested the replacement claimed to be Ilham Bintang.
What is SIM swapping?
SIM swapping involves a hacker duping your cell provider into believing that you’re activating your SIM card on another device. In other words, they’re stealing your phone number and associating it with their SIM card.
If successful, this attack will deactivate your device, and their device will now be the destination for all texts, phone calls, data, and accounts tied to your phone number and SIM card. With that information, the attacker could easily gain access to your app accounts, personal data, and financial information. They could even lock you out of your services for good.
What a SIM swap scam looks like
A person doesn’t need physical access to your phone to perform a SIM swap—they can do it all remotely, regardless of your device’s make and model, or your service provider. They just need to have enough information to convince a customer support agent that they are you. You may not see a SIM swap scam headed your way until it’s too late.
The easiest way to tell you’ve been targeted by a SIM swap is strange behavior from your phone, such as an inability to send or receive texts and calls even though your service has not been shut off; notifications from your provider that your phone number or SIM card has been activated elsewhere; or being unable to log in to any of your important accounts.
Beware of phishing scams
The first step in a SIM swap attack is usually (but not always) phishing. Sketchy emails with malicious links, bogus login screens, fake address bars—there are many forms phishing scams can take, but they’re easy to spot if you know what to look out for. Don’t click links, download programs, or sign in to websites you don’t recognize. If an attacker gets enough key data about you from these attacks, they’ll have what they need to try a SIM swap.
Reduce excessive personal data online
Whether in addition to phishing or in place of it, the other early part of a SIM swap involves social engineering—basically collecting as much data about you as possible so the hacker can reliably pass for you over the phone or in an email.
To prevent this, keep your phone number, date of birth, mailing address, and all other compromising information off as many of your accounts as possible, and don’t share this information publicly if you can avoid it. Some of this data is necessary for certain services, but you don’t need any of it to be searchable on social media. You should cancel and delete any accounts you no longer use as an added precaution.
Protect your accounts
Many digital accounts have settings that can help you take back your accounts if they’re ever stolen—but they need to be properly set up before the account is stolen in order to be of any help. These can include:
Creating a PIN number that is required for logins and password changes. This is especially important to set up with your cellular carrier, as it’s a great defense against SIM hijacking.
A suitable two-factor security method that relies on a physical device, like Google Authenticator or Authy, rather than SMS-based verification for logins. You can also spring for a hardware token to protect your accounts if you want to get really fancy.
Strong answers to security recovery questions that aren’t tied to your personal information.
Unlinking your smartphone’s phone number from your accounts, where possible. (You could always use a free Google Voice number if you’re required to have one for your sensitive accounts.)
Using long, randomized, and unique passwords for each account.
Using an encrypted password manager.
Don’t use your favorite services (Google, Facebook, et cetera) to sign in to other services; all an attacker needs is to break into one to have access to a lot more of your digital life.
You should also make note of important account-related information that could be used to identify you as the rightful account holder, such as:
The month and year you created the account
Previous screen names on the account
Physical addresses associated with the account
Credit card numbers that have been used with the accounts or bank statements that can confirm you were the one who made purchases
Content created by the accounts, such as character names, if the account is for an online video game
Similarly, keeping a list of all your critical accounts will make reacting to a SIM swap or similar ID theft easier, as you’ll be able to securely comb through each account and change passwords, email addresses, et cetera. Have all this information stored securely—perhaps even as a physical printout of a text file—rather than saving it on a service associated with a digital entity (that could be broken into).
Decentralize your online footprint
Consider using encrypted, open-source apps and services instead of just the apps from Google, Apple, and Microsoft, to keep important data spread out, with the most sensitive data stored in places with the highest security. This applies to email, messaging apps, bank apps, etc. Google Drive and iCloud are great, but if everything funnels into a single drive—including personal financial information et cetera—you’re screwed.
Also, you should keep certain data out of the cloud entirely. Don’t throw your tax returns into your Google Drive, because if someone were to gain access, they’d suddenly have a ton of critical information about you (and plenty of information they could use to pretend they are you). And please, no matter what, don’t keep a list of your common passwords, backup sign-in keys, or your password manager’s “account recovery” PDF in a simple cloud storage account.