Protect Your Bitcoins from Sim Swap Fraud
As I write this article, bitcoin is hovering around $9,700, its highest value for over a year now. The bearish sentiment is gone. The FOMO (Fear of Missing Out) is about to kick in. But are your bitcoins safe?
There are a number of ways to keep your cryptocurrency safe. The safest is to put them in hardware wallets such as Trezor or take them offline and store them on bitcoin paper wallets. Such measures keep your crypto away from the Internet and only you will have access to it.
Let’s face it, though: many of us, especially beginner and mid-experienced traders and hodlers, might be keeping a significant portion of our coins in online wallets or mobile wallets. They are often called “hot wallets” because you can store and send coins easily with such wallets.
Which means our crypto holdings* are on our phone**.
*Technically it’s not on the phone but somewhere in the blockchain but let’s not discuss that here. For simplicity’s sake, let’s just say that the coins are on our phones because the apps that have these coins are installed on our phones.
**The apps actually don’t have the coins. The coins are really on the blockchain, but again let’s not discuss it for now.
The majority of mobile crypto fraud happens because of poor password security. Users unwittingly decline to elect 2-factor authentication. 2-factor authentication is when a website or service (for example, Coins.ph) requires more than just our password to open the wallet, to make sure that the person logging in is really the owner of the wallet.
Many websites and apps, however, still use SMS 2FA (SMS 2-factor authentication). This is where an app sends a message to your mobile phone containing a code that you enter into the app in addition to your password.
And this is not safe because of Sim Swapping fraud.
In Sim Swapping, a cybercriminal obtains access to your phone number surprisingly through the most human of techniques – pretending to be you in real life.
Here is how it happens: the criminal goes to a mobile phone operator branch and tells the personnel that they have lost their phone. They then request a new SIM card with the same number as the lost phone. If there is negligence on the part of the personnel, the criminal will get access to your phone number.
Imagine browsing on your phone via LTE and then suddenly you have no signal. You can’t call or even text because someone went to the telco branch, pretended to be you, and gained access to your phone number. That is sim swap fraud.
Take note that the cybercriminal does not need to go to the telco branch to perform the activity. If they have a target app they want to gain access to, for example – your e-wallet apps, they can also try calling customer service support of these wallet apps to report a lost phone so that they can have the number replaced.
I’m not saying that the companies where we entrust our data and identity will be easily fooled by such schemes. They have measures against this. But it can happen.
You tie your phone number to a lot of things – like your email. And you tie almost everything in your online life to your email, including your accounts on cryptocurrency exchanges and wallets.
Most importantly, you tie your phone number to your identity. Think of what will happen if a criminal pretends to be you to commit criminal acts. And it all started because of a sim swap scheme.
Thankfully, at least in the Philippines, the National Privacy Commission (NPC) has instructed our telco operators to enforce more stringent measures against sim swapping fraud.
For its part, Globe can utilize their GCash facility for identity authentication. But we can’t rely on these companies, be it the mobile phone operator or the crypto apps to protect our identity.
How to prevent SIM SWAP Fraud ourselves
- Do not overshare information about yourself online.
- Most of the time, these criminals will collect as much data as they can about you on social media: details such as your birthday, your address, the places you visit, the apps you use, and the names of your relatives. These are details that a criminal can take advantage of to pass identity verification.
- Never brag about your crypto holdings online.
- Do not brag about your earnings, the crypto apps you use, unless you are sure that your accounts are well protected.
- Use Google Authenticator or other authenticator apps instead of using your phone number for 2-factor authentication.
- In this way, even if the criminal gains access to your phone number, they will not be able to access the apps where you elected to use Google Authenticator as 2FA.
There are a lot of other ways for your cryptocurrency holdings to get taken from you. One example is when the cryptocurrency exchange that you use gets hacked (unless it has SAFU funds). While the safest way to protect your holdings is through hardware and paper wallets, we can never fault anyone for choosing to store their coins on online hot wallets. What’s important is that you find ways to make sure that you are doing your part to have your holdings protected.
This article originally appeared on BitPinas: How To Protect Your Cryptocurrency From Sim Swap Fraud