Cryptocurrency holders are usually attractive to black hat hackers and are vulnerable to SIM swapping attacks and phishing. Here’s what to know to protect yourself against SIM swapping attacks and phishing.
As cybercriminals become more sophisticated, their attacks become more challenging to avoid. Two of today’s most concerning types of cyberattacks for cryptoasset owners are SIM swapping and phishing. SIM swapping, however uncommon, can cause equally devastating effects, while Phishing accounts for most social engineering incidents (90%) and cyber-espionage kinds of attacks (81%). Here’s how to protect yourself against these type of cyberattacks.
Protect yourself from SIM swapping
SIM swapping is a kind of account attack in which the attacker breaks the two-factor authentication (2FA) security protocol by hijacking your phone number. The attack commonly begins with social engineering; scammers collect your personal details such as full name, address, phone number, then call your mobile phone provider to pretend to be you. Using different techniques, the attacker then convinces the employee to port your phone number to their subscriber identification module (SIM).
Usually, just requesting a password reset makes hijacking your phone number easier. The attacker can now break into your online bank account, email, and other accounts that require an SMS 2FA or a call. You should act immediately if your phone suddenly cannot make or receive calls.
To avoid this, don’t use your phone number with 2FA, where the second factor is an SMS-enabled authentication or a call. If possible, avoid giving your phone number or your email to other service providers at all.
If you have to give your phone number in accessing a specific service, ask your phone provider for additional layers of security to prevent number porting as some carriers provide this. You can also make your standard pin random and store it in a secure place, such as a password keeper.
Prevent phishing attacks
Phishing, a socially-engineered cyberattack, is used to obtain sensitive information, like usernames, passwords, public and private keys to cryptocurrency wallets, or bank/credit card details. Most phishing attacks are done through emails, but it can also come through texts/SMS, chat services, and social media.
The perpetrator disguises as a trusted entity to trick you to open a message that contains malicious links or attachments. The links will usually lead you to copycat sites of webpages of banks, online crypto-wallets, or payment processors. These copycat sites are designed for you to enter your usernames and passwords.
Cryptocurrency holders can be specific targets of these phishing scams. Mostly, the attackers pretend as some popular online wallet services and urge you to provide your credentials. In other instances, emails may contain attachments that seem relevant. In fact, it’s a malware that infects your device and scans your files to search for private keys to a cryptocurrency wallet.
If you received an email you were not expecting and seems suspicious, disregard it. Make sure to check the authenticity of the URLs included in the email and beware of URL redirects. Do not react impulsively to calls to action designed for a sense of urgency.
Protect your personal information and crypto asserts
Ownership over crypto assets is established solely through digital signatures, public and private keys. If an attacker gets a hold of your keys or your recovery phrase, it can result in your funds being lost forever.
Taking precautionary steps to safeguard your accounts, online identity, and cryptocurrency holdings, is worth the effort.
If you liked our “Protect Yourself Against SIM Swapping Attacks and Phishing” and found it useful, check this space regularly for more information and updates on cryptocurrency.