One common scam that bad actors use to gain access to users’ cryptocurrency is called SIM swapping. SIM cards are small plastic chips that tell phones what phone number to use and what cellular network(s) to connect to. SIM swapping allows hackers to circumvent two-factor authentication requirements by moving your phone number onto a SIM card they control, so that text messages and calls meant for you, including authentication codes, reach their phone instead. The hacker will call your wireless provider and, using information available through social media, data breaches, or other means, convince the provider to transfer your phone number from your SIM card to a SIM card in their possession.
What is Two-Factor Authentication?
Usually, users who sign up with a cryptocurrency exchange have the option to add two-factor authentication to their account. Two-factor authentication provides an extra layer of security by forcing users to verify their identity using two separate methods of authentication. A common form of two-factor authentication is the use of a fixed password followed by the entry of a constantly changing code accessible through a user’s phone.
How Can I Avoid Being the Victim of A SIM Swapping Scam?
If you employ the following recommendations, you are less likely to fall victim to a SIM swapping scam:
Do not use SMS text messaging for two-factor authentication if you can avoid it. SMS stands for Short Message Service, the main technology phones use to send text messages of up to 160 characters without an attached file. Instead, use a third-party application to generate your access code, such as Authy, Google Authenticator, or Microsoft Authenticator. Even better, if your exchange offers it, use a physical mechanism for two-factor authentication, such as a USB key, card reader, or RFID device.
Keep in mind that certain exchanges only offer two-factor authentication through SMS. In that case, we recommend calling your wireless provider and setting up a password or additional form of authentication on your account. That way, a hacker would require access to your physical device (and a way to bypass related security measures) to execute transactions using your crypto wallet.
Use password managers—computer programs that allow users to store, access, and generate passwords for online services such as cryptocurrency exchanges. Make sure to store your password in a private area, preferably offline, and do not use the same password across multiple accounts.
Cryptocurrency wallet software will often generate a unique seed phrase – a collection of random words that can be input to recover your crypto wallet in the event you cannot remember/access your password. Similarly, store this seed phrase in a private area, preferably offline.
Finally, be skeptical and verify the legitimacy of any communication regarding your crypto wallet. Cryptocurrency exchange representatives will not ask you to share your password over the phone or through social media. Nor will they ask you to share your screen with them. Report any such phishing scams to the exchange directly.