Do you think using SMS for Two-Factor Authentication is safe?

If yes, you might not have heard about SIM swaps yet.

SIM swap fraud is a comparatively new, complex method of cyber fraud that allows scammers to gain access to credit card information, bank accounts, and other personal data, including access to messengers such as Telegram, WhatsApp, and Viber.

If someone knows your phone number, there are plenty of ways for them to move that number to another SIM by contacting the phone operator. This type of fraud is called a SIM swap.

How does it work?

First of all, a hacker starts by gathering as much data about the victim as feasible. In most cases, scammers use phishing e-mails (fake e-mails from "legitimate companies" like banks and insurance firms) to fool victims into revealing sensitive data such as full names, dates of birth, addresses, and phone numbers. Sometimes fraudsters go another way: they use information that is available in government or public catalogs, on social media accounts, and in data directories from criminals who specialize in collecting private data.

Once fraudsters have all the needed information on a victim, they contact the victim's cellphone provider and claim that the SIM card has been lost or damaged. Next, they ask customer support to activate a new SIM card or number.

It is not that easy to cheat telecommunication providers, because they ask a set of security questions. That often does not prevent scammers from taking over the phone number, though, since they use the private data they have gathered from across the internet to defeat the carrier's security checks.

How to protect yourself from SIM swap fraud?

1. Follow elementary online security hygiene: don't fall for phishing e-mails, calls or SMS.

2. Contact your phone carrier immediately if your phone goes out of service without any obvious reason.

3. Never share your phone number on social media websites.

4. Always use e-mail alerts alongside SMS alerts as a means of two-factor authentication.

Here are even more tips from our friends at Krypital Group. These tips are vital to stay safe in the Crypto-World:

Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA) or multi-step verification, adds another layer of security, supplementing the traditional username and password model with a code that only a specific user has access to, typically sent to a device that the user has immediately on hand. This authentication method can be summed up as a combination of "something you have (device on hand) and something you know (provided code)", resulting in a secure way to verify that the correct user is accessing the protected information.

As anyone who has spent any amount of time in the various Telegram channels populated by the global crypto community knows, scammers are an ever-present threat to projects, investors, users, and communities. We highly recommend that all active Telegram users take advantage of the Two-Step Verification option included in the app and found on the "Privacy and Security" tab.

In addition to the 2FA options found in apps themselves, we also recommend that people explore the various online security apps that can be downloaded to mobile devices. One highly rated solution is "AUTHY", an app that allows users to set up 2FA for any website where personal information is transacted, such as Facebook, Gmail, Amazon, Twitter, etc. It provides TouchID, encrypted backups to prevent lockout on lost devices, and the ability to sync across mobile, tablet, and desktop. We advise people to research what works best for them.

Another tip for Telegram users is to "trust but verify" whenever interacting with someone online. Anyone reaching out to you directly to offer something unsolicited should always raise a red flag. Almost all companies involved in crypto have an "official" Telegram channel, and it is ALWAYS a good idea to reach out to the channel admin to verify any communication claiming to be from their team. A very common trick that scammers play is creating an account designed to look like a member of a project/team or an admin, in order to trick users into sending Bitcoin, Ethereum, or other crypto to the hacker's wallet instead of the wallet being used by the project to sell tokens.
