A lot of online services and websites offer users the ability to protect their accounts using two-factor authentication through phone text. This post will go over a way that hackers have found in order to do just that.

A SIM swapping is a technique used by a cyber-criminal in order to take control of accounts that use two-factor authentication. To achieve this goal the attacker takes advantage of the fact that cellphone carriers give their customers the option of porting their old sim card information into a new one if their phone has been lost or stolen.

Hackers exploit this service by pretending to be the legitimate owner of the number and asking for a SIM swap. This leaves the victim exposed to loosing control and access to their accounts as the attacker can now request password changes to the email addresses associated with phone number of the victim and by extension do the same for their other accounts.

In order to mitigate this risk we recommend using an authenticator app with an verification method which generates a temporary password without relying on mobile services.