SIM Swapping EXPLAINED (+ how YOU can easily avoid it)
Vložit
- čas přidán 2. 06. 2024
- Celebrities, politicians and businesses have all fallen prey to this simple but extremely damaging kind of fraud: SIM swapping. What is it? Is it still an issue and how can you easily avoid it? Check out Efani for more mobile privacy: efani.com/allthingssecured
You can find the Princeton study referenced in the video here: www.issms2fasecure.com/
Read more about SIM Swapping here: www.allthingssecured.com/tips...
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
✅ Subscribe to this channel!: czcams.com/users/allthingsse...
For those who want additional privacy and security for their mobile phone plan, or even an insurance policy against potential SIM swapping fraud, check out this week's video sponsor:
▶ Efani: efani.com/allthingssecured
🔹🔹🔹What You Should Watch Next🔹🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured CZcams channel (although we admit we're a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ How to Hide Your Personal Phone Number (and become anonymous!) • Use a VIRTUAL Phone Nu...
✅ 8 CRITICAL iPhone Security Changes You Need to Make NOW • 8 CRITICAL iPhone Secu...
✅ An ALWAYS-ON Mobile Phone CAMERA? (it's coming) • An ALWAYS-ON Mobile Ph...
🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Introduction
1:19 - What is SIM Swapping?
3:19 - Why Should You Care About SIM Swaps?
4:09 - How to Avoid SIM Swapping?
4:21 - Tip #1: Don't Use SMS text for 2FA
5:21 - Tip #2: Call Your Mobile Phone Provider
6:06 - Bonus Tip: Build Extra Mobile Security with Efani
7:49 - Tip #3: Set a PIN for your SIM Card
8:02 - Tip #4: Don't Give Real Answers
*********************
SIM swap scams are on the rise, so it's best you know about it before you become the next victim. In this video, Josh walks us through what SIM swapping is, how it works, and how you prevent it from happening to you.
Read more about the SIM swapping attack here: www.allthingssecured.com/tips...
#simswapping #simswapscams #cybersecurity - Věda a technologie
This is totally the fault of the phone companies and they should be held liable for the loses due to their lack of security in these instances.
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this.
The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
Or call your banker. Nevermind, most of my employees love no banking personalization.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing.
And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process.
Yes, our banks are stupid bad for security.
@@repatch43 Bank of America uses SMS text as 2FA, which is the ONLY 2FA that they support. A major bank... and that's their ONLY option....
Here’s a stupid question…why don’t Carriers call the actual number before allowing a sim swap?
Idea to simple for complex unchecked levels at corporate
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
So that the one who stole your phone can cancel the swap?
It is not a stupid question
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away).
Seriously.
This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable.
This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever.
He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group.
His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly.
Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
The don't require it to vote. Also they won't require it to transfer because people are lazy.
The guy at the store is in on it. He is buddies with the thief and orchestrating everything.
That is how it is done here. Finland. The country with the first operational GSM network.
@@fdllicks Yes, and next the person, who issued the change, faces some interesting questions. Simple.
Your phone service carrier should be held liable for poor employee training if sim swap happens to you.
Usually, the guy at the store is in on it.
Bottom line I have a cheap prepaid phone. I was already scammed.
@@Maria-fz1muu do not need to have a cheap phone to have a prepaid sim card. I have an expensive iphone with prepaid UNREGISTERED card
How would it have the same number if your phone still work?
how about requiring customers come to a phone store and show their physical ID? if they can’t there is always video conference.
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything.
Their buddy at the store is in on it.
My carrier tracfone doesn't require a security word . Confusing
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
More proof that regardless of how vigilant you are with cyber security, the large corporations we commerce with are the weakest link.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
This!!!
As it should be!!!
EU is always lightyears ahead of US/Can in these things.
That is a bummer. If your phone is stolen or got destroyed together with sim card how is that possible
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
The phone companies should be held accountable
I wish they were.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
That suggestion about not giving truthful answers to security questions is a good one. I've been doing that for a while.
I have a hard enough time remembering the real answers let alone made up ones.
That’s a good idea
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
Been doing that since the first time lol. I treat them as passwords and whatever the question is I just enter a 20 digit hard af password.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
The phone companies should require people to come into the store with 3 pieces of ID to transfer a phone number to a new SIM card.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@Fatman305 It would help because SIM scams are not always an inside job. Scammers want to avoid security cameras and avoid leaving evidence (DNA).
Then that's easy. You can sue the carrier directly if that happens.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
You are not bright. Maybe rewatch video 10x to understand how it works
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
That’s y scammers use an rdp server and link it to ur ip so it looks like the mobile call is coming from the residence u stay in
@@EMERBRUHare you brain dead? He said PHYSICAL. What's that got to do with an RDP server?
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number.
Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
Ok so I presume that for Sim swapping you at least need to give them your number?
That is good advice. My wife's phone has space for two SIM cards. So, she could do that with just one physical phone.
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
As usually with corporations, spend millions advertising how wonderful they are but pennies on training.
It is not "training". The guy working at the store is in on it.
@@fdllicks
Not talking about the store, talking about customer service. The vid talked about them being the weakest link and insufficient training.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
Don't save/remember User Name or Login ID on an app. Another thing that a scammer would have to guess.
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
Thank you so much for these suggestions. Thanks to you, I was able to set up a SIM PIN, and I also enabled other security features my carrier offers to harden my account against misuse. Great tips! 👍
I’m glad it was useful!
How does SIM Pin prevent the swap?
The explanation I read on forums is that it only prevents the physical SIM from being used on a different device
@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
Not really seeing the "how YOU can easily avoid it" part...
You aren't very bright, are you, Feed_Bleed_Read ?
It seems you can't, because the phone company customer service can't be trusted. No more online banking for me. And I'll continue ignoring my email account's pleas for 2FA activation.
Cheers Josh , great information.
My pleasure, John!
Thank you for this video!
My pleasure!
I was actually just looking for a great video explaining this. Thanks so much, Josh!
My pleasure!
Helpful info that isn’t widely discussed
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Exactly. I feel the same about antivirus software.
Oooh, The Net is one of my favorite movies! Not one of my security question answers. lol
Yeah, ok . They invented sim swapping. Right, smart guy
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
This was an infomercial 😂
Thank you so much
Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID.
Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow.
One question, do you know any bank that allow using physical 2fA key to login?
Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
@@AllThingsSecured
Thank you so much ❤
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@mattshaul5670 that is what just happened to me today, it was super scary!
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Interesting idea. Thanks for sharing.
I like this idea
Who do you buy your pre-paid SIM from?
This is great! I can’t help but take credit for the suggestion to talk about physical SIM passcodes. :)
Feel free. I will caution people that it’s very easy to get locked out of your SIM if you do it wrong, though.
@@AllThingsSecured yes absolutely.
@@AllThingsSecuredCould you recommend a similar phone product that people reside in Canada can use?
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
I agree. I have a hard time remembering the real answer let alone the fake one I came up with two years ago.
@@billl1127 Same here. I have a hard time even remembering if I capitalized the first word or not.
@@billl1127 Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first.
First street you lived on? Give the 2nd or 3rd or something you will remember.
If your memory sucks so bad you can't do that. Work on your memory.
If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home.
But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Is Efani a new phone carrier, or can i keep using my Verizon account. I have a business account with many devices on the account.
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
The presenter failed to tell us how the Effany staff are screened before they are hired. Their jobs give them too much access to people accounts.
Hi. Everyone. I have a question. Is Sim lock will prevent Sim swap (phone number port out) ? I saw a few CZcams videos how to set Sim lock from the phone. But I'm not sure if that will prevent the Carrier from port your phone number out ? Any input information. Greatly appreciated. Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
..thanks for explaining..
You bet!
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
My mobile service provider leaked my phone number and the serial number of my sim card. Does this expose me to the increased risk of SIM swapping?
Yes change it
What about newer phones without physical SIM cards. Or are they digital SIM cards?
They use "e-sims". Most phones the last few years have both types.
Without sim card is also a thing. The slot stays empty and phone runs on wifi.
America runs on Dunkin and my smartphone runs on wifi
this was nothing more than a long commercial for efani
I don't get it, what does PIN-lock for the SIM help if they get a new SIM card....or did not understand it
you have to give them PIN number before they can give you new SiM card - and only the owner would know PIN to his own SIM
He never showed visually how this scam operates!!!!!!!!!
What should I do if my mom was sim swap. What are all the steps I should take to make sure they cannot take more.
Good information 👍
In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
All that effort and things you need to know . What about throwing away your cell phone ? Isn't that an option ? I did it two years ago , works great !
Haha I get that! It's one less thing to remember.
But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi
Source: that's what I do+
It has happened in UK in the past, but it is now so tied down no carrier would dare, or be able to do it. It really isn't worth the risk for even a disgruntled staff member to do it.
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa.
There are plenty out there you can use.
Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself.
Thanks for your attention,
Rik
Sue the phone company with class action suit for billion dollar, they will take care of this problem right away. Lawyers, this is a sure winning case.
Use masked emails
For your primary carrier I cannot stress this enough that and 2FA and if a company or bank will still only let you use a phone number use your masked one that gets filtered through a privacy app that way it intercepts the code first and your phone number doesn’t get it at all!
every site which asks for mother's maiden name, favorite movie, etc..., I provide a different response to the same question each time and I store that info somewhere.
There’s many expats from the US and other countries that are living in other countries. How are they able to login to their bank and credit card accounts? Most banks won’t accept a VoIP phone number or VPN. I’ve heard that Tello or US mobile would work but you have to be in the US to get them. I currently live on Guam and I would have to fly to the US just to get an account with Tello or US mobile. I need a solution that works reliably and consistently before I move to another country. Can you help? Thanks.
This is a long standing and unacceptable situation. Commenters here have complained about phone carriers but you're the 1st commenter to bring to attention the disgraceful archaic methods used by the financial institutions. I have the same problem as you and I too will have to go to the US to obtain a US Mobile acct for a long term solution. In the short term, I recommend you get hold of a relative/close friend to create a Google Voice acct for you. Despite using a VPN, I have failed to generate a GV and had to finally get someone in the US to do it for me. Altho GV is technically a virtual #, it appears to work with most banks. I would then get a 2nd virtaul number to link to the GV#. I've tried Hushed and it's decent - however, it will not work as a verification number for GV. It appears to work directly with some banks too but is not guaranteed. Torn my hair out trying to find a solution, again I stress that the current situation is unacceptable and all we can do is pray that all FINs adopt an alternative method.
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
Too late. They already drained your accounts by the time you figure it out. Also, the guy at the store is in on it.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts.
Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone.
What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Thank you for that. I feel a little better about this, after reading what you said. It makes sense to me.
Had to Sim swap my own dad because he was overseas and the bill I was paying online required email verification
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
It looks like you get the option of AT&T or Verizon. This isn't much more expensive than their regular service or am I missing something? It's not an add-on product, it's new mobile service, but secure over one of those two networks? So I no longer pay AT&T, I just pay Efoni?
Efani replaces your existing carriers. So It's not an addon, but a replacement .
Efani would replace your mobile phone plan but still operate on those networks. So yes, you would only pay Efani and they, in turn, would be the customer of AT&T and Verizon.
What does Efani provide over consumer cellular using the same at&t towers to provide service that is more secure???
Many (most or all?) banks won't allow you to remove your phone number from 2FA or password reset options. This is a problem.
hi, I am one of the SIM SWAP victims. if the card is inserted into someone else's cellphone, it will take 5 minutes. Will the cellphone be hit too? please answer my question
Can you change the default sim PIN on your iPhone?
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
I hope this isn't a stupid question ... are you saying you have a separate flip phone just for bank verifications? So does that require another cell phone line and different number?
7:51 As far I am aware, the passcode is only valid to the simcard you are holding, not another sim.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
Beware this dude selling Efani.
1:55 How is this hard to detect? If my SIM gets disconnected from my carrier, then the notification in the top left of my phone changes. I look at my phone multiple times a day. I’m confident I’d notice this immediately.
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
That sounds terrible. I'm sorry.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
@@mementomori29231interesting…need more info on multi-auth
HW Keys? Sure, except nobody will allow you to use them. It's either phone or email for 2fa for the ordinary person.
"I first realized there was a problem when it became obvious that my phone service provider had no process in place to prevent release of my account without requiring a security code; - & rather than offering this simple step as a security measure; - All they offered were mindless excuses to justify their complicit incompetence." Say "Class Action Lawsuit".
With EFANI, what’s the protection against an insider attack? If a TMobile employee can be bought off…
I need this answer please answer even if it’s one year old this video can it interfere with sms like PayPal sms or what
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
Once again while watching SIM-swap related video I don't understand where in the world does that flawed practice of swapping SIM "legally" based on just a remote call of seeming "owner of a stolen phone" takes place?
This video explained "shitt" haha
Just notify carriers and banks that porting and wiring must be done in real person. In addition to all double verifications. Third party privacy services can also be hacked.
$99/mo!!! How much of that do you get?
Oh goodness. If you’re balking at $99/mo, then the service definitely isn’t designed for you.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude
Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
@@AllThingsSecuredso you don't want more subscribers. Nice.
The iPhone 14 Pro does not use an external SIM card. Does that prevent this theft?
If this involves simple "social engineering" by calling and talking to you cellphone provider, then . . . It's impossible to stop.
MANY online accounts even when they offer authenticator app support STILL also require a SMS text option. T-Mobile, my bank, Yahoo email. REQUIRE IT!
All very well to be aware of this, but is is the SECOND factor. The first factor is knowing the victim's bank account number AND their online password to log in, AND their phone number. None of these many videos about sim swapping even mention how that primary breach happened in the first place.
Not true. Many accounts use phone numbers as a bailout if you forget your password. They send you a code and give you access.
@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.
@@rtel123wonder if the cloud backup gives them access to usernames?
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
In my country Kenya, you use you voice as your identification to get through to customer care
With AI voice cloning, that's not very good security.. Also what happens if the person calls while they're sick and their voice sounds different?
Do you know of anything like efani available in Canada?
GOOD STUFF!
Ugh....this just happened to me. Tried to get this fixed and the carrier said I needed to respond to the PIN they were sending TO THE HIJACKED PHONE!
So sorry about that!!
Sim Swap may transfer the phone but it does not transfer the Keychain where the user id and passwords are housed , without out the user id a sim swap is useless even if a 2FA account reset is done imo.
The key is to never make public anywhere your birthday, your bank account login name or numbers, and your address. The carrier I am with requires a 4 digit pass code, and the billing account number that is associated with the SIM card. For a SIM change they may ask the customer to visit one of their stores, and bring 2 IDs and a copy of the last phone bill.
Carriers rely on sve labor and storage wages in order to collect the insurance from scammed customers when it would in fact be easier to raise those wages and instead of holding the employee accountable, use the case to form an comprehensive investigation of where the fraud and scammers operate.
How does setting a pin on the sim card help? Wish this had been explained more fully.
Verizon let's you set a PIN to prevent number transfer, but it specifically says this does not prevent SIM swapping. As far as I can tell Verizon has NO protections against swapping.
Are there any cheaper ways? 99 dollars per month is expensive
SIM change shouldn't rely on a few security questions! They should see that the phone SIM is currently active on a phone IMEI that has been the same for some time. They can even see that it's in the same area. If at home, then they would see it connected to the same cell tower that it's always connected to. If the thief claims that the phone was stolen, then need to show identity plus a plausible story. Especially when claiming that it's lost in a state that the phone wasn't recently in. Sure, people lose phones when they travel, and maybe you dropped it at the airport before your flight and report it missing in the new state, but then you could prove your story. If the person can't prove the story, then send message then block the number for 24 hours to give the real owner time to go to the store.
That’s what I’ve been saying…the victim will appreciate the due diligence. The criminal won’t.
I have Google Fi cell service and they say that I have to be logged into my Google account in order to make any changes to my account. Is this good enough protection from this scam? I suppose not if my Google account itself has become compromised.
someone is going to take over your account by asking very nicely for the phone company to give them your phone number. Once they have you phone number, they may have access to whatever is on your phone.
You didn't explain:
1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use.
2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
I couldn’t find the link to the study. Is it in the description?
I didn't put it in there initially. I've added it now (thanks for the tip). Here it is: www.issms2fasecure.com/
@@AllThingsSecured thanks Josh! Keep making great content !!!!
Can You Do A video about Efani please how to set it up
How good is esim for sim swap
I never save bank account passwords. How do criminals access to the bank account in this case?