In some ways, the protection of profiles on social networks, personal photos, smartphones, computers, bank accounts and many other things has become the norm. But in all this, we have forgotten one little thing that is to some extent responsible for the safety of the above-mentioned. SIM cards are usually the last and least protected line of defense on the way to our critical data and money.
Why is the SIM card so important? The answer is simple: this tiny piece of plastic with a soldered microchip takes care of information such as the contact list and service data, but also – which is of great importance – stores your phone number.
The increasingly common use of two-step verification often uses sending one-time codes via SMS. This means it is a kind of key to many (if not all) doors in your digital world: social network profiles, internet service credentials, and even e-banking. Just as the weakest link is an indicator of the reliability of an entire chain, the security of your personal data is determined by how well your number – in the sense of a SIM card – is protected against unwanted access.
Many sites, including Facebook and Gmail, and perhaps all online banking services, offer additional access protection by linking the account to a mobile number to which one-time passwords are sent in text messages.
Depending on the user’s settings and preferences, such passwords can be used to access the account, change the password or confirm transactions. This means that if an outsider manages to crack your first password, they won’t be able to access your account anyway because they won’t have a one-time code.
This approach to authorization can be considered one of the best ways to protect your assets online, although it is not ideal: it is important to ensure that only the rightful owner has access to the phone. And yet the equipment could be stolen or misused by someone else.
So what happens when your phone or the SIM card itself ends up in someone else’s hands?
The SIM card used in your smartphone can waste money and personal data
The worst-case scenario is losing your smartphone along with banking information stored on it. When a criminal puts his hand on him, he can steal all your money. Recently, the ability to transact directly between cards has become so common that this method of sending money is easily used.
„Your data is as safe as your SIM card.”
Buying online with a card is easy. During such transactions, you only need to have your card details and a one-time code sent to the phone number associated with the card. This means that even your sophisticated and complicated bank password will not be necessary. You will also not need the code you use to unlock the screen of your smartphone: just insert the SIM card into another device and receive messages.
Theoretically, illegal transactions can be settled with the bank. But it can be a difficult path: the bank will be almost certain that you were buying, and it will not be easy to prove it.
„Many online transactions require card details and a one-time code sent via SMS – the criminal will not even need a bank login.”
A less damaging scenario is the loss of the phone itself. The criminal has to put in more effort to get your money, but then he can easily get your personal data from many online services. It is quite simple to do: resetting passwords on many sites only requires a confirmation code sent to your phone.
Even the laziest hackers, while in possession of your phone or SIM card, will try to make use of at least your contact list and will massively send messages to your friends and family begging for money for various urgent reasons. The phrase often used by scammers, „no time to explain” is quite effective even when sent to strangers, let alone someone you know.
However, in order for criminals to benefit from your financial data, you don’t have to lose your phone completely – they can even access your SIM card temporarily. In just a few minutes, they can intercept an SMS containing a one-time password to execute a transaction via your online bank, or send a malicious link to someone on your friends list by mail.
So when you get your phone back, you will probably forget about the whole incident. And yet the temporary loss of a SIM card can bring financial loss and other troubles.
One of the methods of protection against the consequences of losing the SIM card is to enable the PIN code for the SIM card, but it must be quite difficult (the banal types 0000 or 1234 are not a good idea). This way, no one will be able to use your phone number on your device or on any other phone.