She had MFA turned on, a strong password, wasn't phished but still got hacked! Someone called her mobile provider and fooled the customer service rep into giving away her cell phone line. And those criminals are now using the text codes sent to her phone to reset her passwords everywhere. This type of hack is known as SIM Swapping.
This Wizer story is based on a TRUE story we dramatized (played by an actor). You can find many more free security awareness videos like this in the Wizer Portal.
Transcript - What Is SIM Swapping
So I was having a quiet dinner at home with my husband the other night and get this alert about a password change to my email account. Within seconds, more and more notifications started flooding my phone. I was like, OMG what is happening?!?!?
That’s when it hit me - I'm getting hacked! My stomach just dropped. How? I have a SUPER strong password and multi-factor authentication, you know those text codes you get when you log in. And I definitely didn’t click any dodgy links.
This could only happen if the scammers had my phone! I was freaking out! I didn’t have service so I used my husband’s phone to call our cell provider. After I told them what was going on, they said:
“Sorry ma’am, but you just requested that we activate your SIM Card from somewhere else. You even sent us your photo ID. We can’t help something that you just did!”
But here’s the thing, I didn’t. Someone fooled the customer service rep and they basically gave away my cell phone line. And those criminals are now using the text codes that are being sent to my phone to reset my passwords everywhere.
I have no idea how they got my photo ID - maybe from a previous hack? - or how they knew the answers to my security questions - possibly from my social media?
But who would have thought that a customer service rep would have the keys to my entire digital life. Because they got fooled, I’m now suffering the consequences. It’s enough that I need to know how to protect myself online, but now I also have to protect myself against them.
How To Avoid a SIM Swapping Hack
Don't rely on your mobile service provider for your Multi Factor Authentication or in other words don't use text-based messaging as your multi-factor authentication. Instead, use an authenticator app like Google Authentication or Microsoft Authentication, or even better a USB security key. Also share these Wizer security awareness videos with your family and co-workers to help raise awareness.