With the rise of advanced technologies, SIM-swapping and phishing scams have become increasingly sophisticated, posing significant threats to consumers’ personal and financial security. Experts warn that these scams are set to proliferate, exploiting vulnerabilities in our digital defenses.
The FBI Internet Crime Complaint Center reports a staggering 400% increase in SIM-swapping complaints from 2018 to 2021, with personal losses exceeding $68 million. Rachel Tobac, CEO of online security company SocialProof Security, suggests that these numbers are likely a vast underestimate due to underreporting. “Many identity theft cases go unreported, making it difficult to grasp the full scale of the issue,” says Tobac.
SIM-swapping scams allow criminals to hijack victims’ phone numbers, rerouting calls and texts to their devices. This enables them to intercept two-factor authentication codes and lock owners out of their accounts. The criminals use personal information obtained through data breaches, leaks, and phishing scams to convince mobile carriers to transfer the phone number to a new SIM card.
Prevention against SIM-swapping lies in fortified online security habits, including using multifactor authentication methods that do not rely on text messages. For instance, Touch ID or Face ID offer more secure alternatives. AT&T advises customers to set up unique passcodes with their carrier to prevent unauthorized access to their accounts and in the case of a SIM fraud, victims should diligently work with their carrier to resolve the issue.
Cybersecurity experts emphasize the critical role of strong passwords and changing them frequently. “If your credentials are caught in a cyber breach, the hackers could try using the stolen passwords to get into other services to gather personal data they need to pull off a SIM swap,” warns Rachel Tobac. She recommends using unique, complex passwords for different accounts to minimize risks.
Phishing scams are another prevalent threat, with attackers tricking victims into divulging sensitive information via deceptive emails or text messages. Proofpoint’s annual State of the Phish report highlights that human error remains the primary driver behind data breaches globally. Experts caution individuals to report any suspicious emails or messages to mitigate risks.
Apple has issued a warning to its iPhone users this week, highlighting an increase in SMS phishing campaigns targeting Apple’s customer base. The company advises users to be cautious and to never share personal data or security information with unknown sources. Jake Moore from ESET also stresses the importance of awareness around such threats, noting that as Apple’s market share grows, so does its allure for cybercriminals.
In related news, AT&T disclosed last Friday that nearly all its cellular customers were affected by a recent data breach, with hackers accessing information stored on a third-party cloud platform. Although the stolen data did not include sensitive personal information like Social Security numbers or dates of birth, it did consist of phone call and text message records that could be leveraged for future scams. The company has taken steps to close off the unauthorized access and is collaborating with law enforcement to track down the perpetrators.
Employment scams are also on the rise, fueled by advancements in artificial intelligence which enable scammers to create highly convincing fake job listings. The Identity Theft Resource Center (ITRC) reports a 118% increase in job scam complaints in 2023 compared to the previous year, with losses amounting to $367 million. Eva Velasquez, ITRC’s president and CEO, attributes this uptick to the growing prevalence of remote work which has made digital-only hiring seem legitimate to unsuspecting job seekers.
Employment scammers pose as recruiters on job search platforms like LinkedIn, tempting victims with fake positions and subsequently stealing their personal information. The Federal Trade Commission warns that the typical victim of an employment scam loses around $2,000. Jake Moore advises job seekers to be cautious and to verify the legitimacy of offers through official channels.
To combat these scams, experts recommend adopting a layered approach to online security. This includes using multifactor authentication and regularly updating passwords. Enzoic’s Founder & CTO explains that attackers often exploit weak authentication methods, making it vital for organizations to implement robust security measures. He suggests that traditional passwords combined with compromised password screening can still be effective second factors in scenarios where more secure options are not feasible.
Ultimately, awareness and proactive measures are crucial in defending against these evolving cyber threats. Staying informed and vigilant can help individuals and organizations alike protect their sensitive information from malicious actors.
News Sources
- One Tech Tip: Protecting yourself against SIM swapping
- Apple Warns iPhone Users—Do This Now To Stop Attacks
- AT&T data breach hits ‘nearly all’ customers – what you need to know
- Under The Microscope: The Risks Of One-Time Passwords’ Vulnerabilities
- Job Scams Surged 118% in 2023 – Aided by AI
Assisted by GAI and LLM Technologies
Source: HaystackID
