CoastRanger's profile

Tutor

 • 

11 Messages

Monday, June 17th, 2019 8:30 PM

Closed

Protection against unauthorized SIM SWAPPING (Sim Swap Attack)

I have NOT yet been a victim of a SIM SWAP attack but the ramifications are HUGE.  As I understand it, my phone number can be hijacked to a device in the possession of the hijacker EVEN THOUGH I HAVE THE SIM IN MY PHONE IN MY HAND!   Any 2FA text message authentication, text msgs, phone calls, etc. would then be sent to the hijacker's phone.

 

I wouldn't be able to place phone calls.  Any interactions that I have with businesses, banks, etc. would not be able to verify my identity because I would not be able to phone in using MY phone number.  My banking, etc would not let me log in because I would not be able to receive the text messages with the login codes that are required.  etc etc. 

 

In other words, if my phone is my identity and that identity is controlled by the SIM card in my phone and someone is able to use that SIM information for their own purposes, I am toast!

 

I do NOT understand exactly how anyone could hijack my number (SIM SWAP) unless ATT permitted it.  

 

What mechanisms are in place to prevent this from happening?  Is there some option in my account that I can set which will prevent this??

 

Accepted Solution

Official Solution

ACE - Expert

 • 

64.7K Messages

5 years ago

@GLIMMERMAN76 There are other ways to do it but that normally involves some sort of social engineering to gain account access and then tricking ATT into issuing and activating a new SIM card to an imposter.  The risk of that happening I would think is pretty small but it does happen.  @CoastRanger The way to protect yourself is to protect your account and secure your phone. Also make sure you have an account pin set. The account pin is supposed to ensure no ATT store activates a SIM card for anyone that does not provide that pin.

Expert

 • 

19.6K Messages

5 years ago

Moving to wireless

ACE - Expert

 • 

23.9K Messages

5 years ago

I suggest you read more on it.  They need your phone to do it.  If you lost your phone and did nothing to remote wipe it then I could see this working. It's now harder here in the USA.

 

https://en.m.wikipedia.org/wiki/SIM_swap_scam

Tutor

 • 

11 Messages

5 years ago

Thanks. I have had an ATT account for a lot of years (since my first mobile phone, the size of a brick).  The options on the account have changed also.  I had not realized that there was an EXTRA SECURITY pin number option.  I enabled it yesterday.  Thanks for mentioning it.

  Meanwhile I am trying to figure out how to do two factor authentication at the bank without using my  mobile phone number when an SMS text is the only option offered.  

 

Tutor

 • 

11 Messages

5 years ago

Yeah... I have read up on it.  And it DOES happen.  I found the following very interesting article written this week by Matthew Miller, a long-time ZDNet tech writer.   His case demonstrates the problem with using one's phone as the KEY to your digital life.

 

SIM swap horror story: I've lost decades of data and Google won't lift a finger

ACE - Expert

 • 

23.9K Messages

5 years ago


@CoastRanger wrote:

Yeah... I have read up on it.  And it DOES happen.  I found the following very interesting article written this week by Matthew Miller, a long-time ZDNet tech writer.   His case demonstrates the problem with using one's phone as the KEY to your digital life.

 

SIM swap horror story: I've lost decades of data and Google won't lift a finger


@CoastRanger 

 

I agree it can happen BUT you have to be a target for it to happen.  He is a tech writer and is a target for hackers.  He also stored way too much info in the cloud which I never recommend.  I have 2FA on everything BUT I don't just use google for my backup email addy and get updates when things are changed.  But yeah I can see how people get the feeling of being secure and they really are not.

ACE - Guru

 • 

1.2K Messages

5 years ago

Agree with @GLIMMERMAN76 

 

I don't do anything on the cloud, except an outlook.com email/calendar/contacts/notes account.  Even with that, I keep a local contacts copy just in case.  I also keep an email with my ISP as my backup.  I have a Google account, but not a Gmail address (even though they make it look like you need a Gmail address to use Google, it is possible to not have one).

Tutor

 • 

11 Messages

5 years ago

I did not know that you could have a Google account without a Gmail address. I do NOT like working in the cloud but I do need to do financial online stuff (not social media) since I travel a lot. I use Yubikey and throw away passwords where possible but not all banks use them. (And losing a KEY would be pretty disastrous and it CAN be appropriated when crossing borders.) It seems like the more precautions I add, the more the vulnerability vectors increase. No good ways to do things here.

ACE - Sage

 • 

118.2K Messages

5 years ago

@CoastRanger  Yes, I had a Samsung smartphone before I had a gmail account. Opened one when my yahoo got hacked.   I still have stuff floating around attached to the old google account.

ACE - Guru

 • 

1.2K Messages

5 years ago

I had originally set up a Google account right as they went public with Gmail, but they had not yet tried to tie them together. That came later. And for a while, if you had an android phone, you were forced to have a gmail address to set up the phone with a Google account. This happened when we bought a Galaxy S2 for my son. I tried to use my account and it flat wouldn't accept it. My wife also had a Google account that wasn't a gmail address and that didn't work either. The error specifically said it had to be a gmail address. So my wife created a dummy gmail and related Google account just to get the phone to finish the initial setup.

 

Luckily, that requirement is no longer enforced. By the time I got my S8, I set up my gmail-less Google account on it and had no problems.
