How Should You Respond?
When a SIM-swapping attack happens, it’s critical you take immediate, decisive action to save you matters from getting worse.
First, name your financial institution and credit score card businesses and request a freeze to your accounts. This will save you the attacker from the use of your budget for fraudulent purchases. Since you’ve also successfully been the sufferer of identity theft, it’s also smart to touch the various credit bureaus and request a freeze on your credit score.
Then, attempt to “get ahead” of the attackers via moving as many bills as possible to a new, un-tainted email account. Unlink your old cellphone number, and use strong (and completely new) passwords. For any debts you’re unable to attain in time, touch client service.
Finally, you ought to touch the police and document a report. I can’t say this enough—you’re the victim of a crime. Many homeowner’s coverage policies include protection for identity theft. Filing a police file might allow you to file a claim towards your coverage and recover some money.
How to Protect Yourself From an Attack
Of course, prevention is always better than a cure. The fine manner to shield against SIM-swapping assaults is to simply no longer use SMS-based totally 2FA. Fortunately, there are some compelling alternatives.
You can use an app-based authentication program, like Google Authenticator. For every other stage of protection, you can select to purchase a physical authenticator token, just like the YubiKey or Google Titan Key.
If you without a doubt must use textual content- or name-primarily based 2FA, you need to keep in mind making an investment in a committed SIM card you don’t use everywhere else. Another choice is to apply a Google Voice number, even though that isn’t to be had in most countries.
Unfortunately, even if you use app-primarily based 2FA or a bodily protection key, many services will allow you to skip those and regain get admission to to your account through a text message sent to your smartphone number. Services like Google Advanced Protection offer more bulletproof protection for people prone to being targeted, “like journalists, activists, commercial enterprise leaders, and political campaign teams.”