SIM swap scams and hacks: Are you protecting your data?

Fact Checked

It seems like every week we see another Aussie company hit by a cybersecurity attack, with Dodo and iPrimus the latest. Hackers are becoming increasingly smart and incredibly bold with their attacks, but there are still ways for customers to protect themselves. Our phones and phone numbers have become incredibly important for storing our data, so customers should be diligent about measures to protect their personal information.

Over 1,600 Dodo and iPrimus customers impacted by cyber attack

Approximately 1,600 Dodo and iPrimus customers had their email accounts breached during a cyber hacking incident.

Dodo and iPrimus’ parent company Vocus, released a statement regarding the attack saying, “Our initial investigation has revealed unauthorised access to approximately 1,600 email accounts, leading to unauthorised SIM swaps on 34 Dodo mobile accounts.”

Vocus stated that the Dodo email accounts had been suspended to prevent any further details from being stolen after the suspicious activity was noticed.

A website that tracks network and website outages showed a large spike in Vocus Group customers who experienced a network or website interruption during the attack.

Customers who were impacted by the SIM swapping have since had this reversed and email accounts have been restored.

Since the incident, a Vocus spokesperson said, “We continue to update our customers through our website and social media channels and will be offering additional support to our customers through IDCare.”

IDCare is a not for profit identity and cyber support organisation that helps individuals and businesses to better protect their online data.

Dodo and iPrimus customers are encouraged to reach out to change their passwords and secure their account further, even if they were not a victim of this attack.

What is SIM swapping?

SIM swapping is a type of fraud where cyber criminals use stolen data to move a victim’s phone number over to a different SIM card. Typically the hacker will use stolen personal data, such as birthdays and addresses, to impersonate a victim and convince their mobile carrier that it is a legitimate number porting request.

By doing this, the hacker can access phone calls, text messages and access any multi-factor authentication codes that come through. There are a number of implications that come with a SIM swap:

• Financial theft: If the hacker is able to access your online banking, they can steal your money or make transactions with your funds. The hacker can also open additional bank accounts in your name which can negatively affect your credit score.
• Identity fraud: If cyber criminals get hold of your personal information and accounts, they can impersonate you and use your name and details for actions without your consent.

How can I protect myself from SIM swapping and data hacking?

• Use a virtual private network (VPN): A VPN routes your internet usage through a secure remote server, which provides an encrypted connection between your device and the internet. This protects your data and identity from being accessed by hackers or cyber criminals and keeps your online activity safer. You can get free VPNs, however these can be risky, with slower speeds, data limits and even data selling. Reliable VPNs can cost anywhere from $5 to $20 per month depending on your choice of provider.
• Use stronger passwords: Easy to guess passwords can put your online accounts at risk, especially if you use these passwords for multiple accounts or services. Avoid using common phrases and words or personal information like birthdays or names. Especially avoid the classic Password123. Use a range of numbers, letters, symbols and capitalisation to put together your complex passwords. Passphrases are another great way to make a strong password. These are a string of words that typically wouldn’t be used together.
• Utilise a password manager service: Password managers can help to create complex, hard to guess passwords to keep your accounts safe. If you’d prefer to choose your own strong passwords, a password manager allows you to store your logins and passwords, while requiring a single master password and typically with multifactor authentication. These systems are encrypted and eliminate the need to remember multiple, complex passwords.
• Set up multifactor authentication for accounts: Multifactor authentication is a way to verify your identity when logging into an account. It requires proof of identity, usually in the form of a code sent via email or SMS, facial or finger print recognition software or a login approval via a linked app. Putting these multifactor authentication systems in place on your important accounts can be a great preventative measure. The only trouble with multifactor authentication is if you were to lose your device it’s linked to. This can make things more difficult, but not impossible.

How can I tell if I have been a victim of SIM swapping?

There may be some signs that you have had your SIM swapped unknowingly.

• Loss of phone service: Your mobile service has suddenly cut out or your phone displays ‘SOS’, but other customers on the same network aren’t affected or there is no known network outage.
• You received a notice from your carrier: You received a notification that your SIM card or phone number has been activated or transferred, when you haven’t requested a change or switched phone providers.
• You’ve noticed suspicious transactions: Your bank account shows suspicious transactions that you haven’t made. A hacker may have access to your banking accounts.
• Loss of access to accounts: Your logins and passwords have changed without your involvement or you no longer have access to your accounts.

What can I do if I think I have been hacked?

If you believe you have been hacked or you’ve had your SIM swapped, act immediately — the longer you wait, the more time the hackers have to steal your information. Here are some actions you can take:

• Contact your financial institution: To avoid financial theft or further financial theft, contact your bank, cancel any cards that have been compromised and follow your bank’s instructions.
• Change your passwords and log out of all accounts: If possible, change your password to a stronger one that hasn’t been used for other accounts for more security. Some services you use may have a setting where you can log out of all active device sessions. You may be able to log the hacker out and then change your password.
• Contact your mobile carrier: If you suspect that your SIM has been swapped, contact your telco, explain the situation and ensure they investigate and return your account back to you. Different institutions will have different processes for recovering your services, however they will typically require multiple items of ID to prove your identity.

The thought of hacking and SIM swapping can be scary, especially when it repeatedly makes news headlines. However, putting some preventative measures in place can help protect you and your data.