'tis the season for SIM hijacking
With the holiday season upon us, there is a heavy increase of targeted online attacks. A recent article on The Verge exposed a dangerous form of hacking called SIM hijacking. Last year, a vulnerability in T-Mobile’s website allowed hackers to access customer information that could be used in a SIM swap. The only thing the hacker needs is your phone number. They call your phone company pretending to be you. Next, they say they have a new phone they need your phone number transferred to. The phone company transfers your phone number to the hacker’s phone and it’s done.

One minute, you’re using your phone as normal. The next minute, you lose cell service. “No SIM,” a message in the top left corner reads. You’re confused. You grab your computer, and try to login to your email. The password has been changed. Same with your Facebook. Your phone rings, apparently switched back on. On the other side the hacker who has been successful in SIM hijacking, tells you that he’s stolen your phone number and your accounts, and that he’ll give them back if you send him Bitcoin.

– The Verge

Tips for keeping your accounts protected from SIM Hijacking and other techniques this holiday season

Account Users prevents SIM hijacking

Manage Your Users

Earlier this year we released a new feature that allows you to create multiple user logins for an account. The best part is being able to customize each dashboard to the work that the individual user needs to do in the account. This ensures that everyone who needs, can have access to the account but only those who require access to critical account functions will have that ability.
Setting up multiple users helps to keep your account operating efficiently and securely. Companies often get in a pickle when they leave a single person in charge of their domain portfolio. If anything happens to that person such as they leave for vacation or onto a new role, important tasks often fall through the cracks. For example, critical domains are not renewed and expire. In other cases, a disgruntled ex-employee could hijack the account and refuse to return it. Similar as to what we are seeing with SIM hijacking, anyone with unauthorized access can wreak havoc on your brand and cost your business greatly. 

Lock It Up

Security is a top priority at 101domain. Securing your account with an IP Lock shows that it is a major concern for you as well. An IP Account Lock allows advanced users to restrict account access to designated IP addresses.

This is a very simple way to protect your account from attacks like SIM hijacking. The greatest challenge is figuring out which IP addresses to use. You are allowed to add up to 5 static IP addresses that will determine which computers and computer networks are able to access your account.

If you are not familiar with network settings our domain specialists will be happy to help you. The last thing we want is for you to accidentally lock yourself out!

IP Account Lock hugger

Add Another Factor

We use our cell phone to secure all of our important accounts with two-factor authentication and password retrieval. If you think about it, our phone number is almost like our social security number today. We should be protecting it instead of giving it out to everyone. You should only rely on SMS as a security backup and only in addition to another factor like two-factor authentication.

In conclusion – it’s quite frankly terrifying what hackers have the ability to do. If you are interested in learning more about SIM hijacking we highly suggest this very thrilling Reply All podcast episode on the matter. But in practice, prevention is the best precaution. Check-up on your account regularly, change your password every few months, and follow the tips above to secure your account for success this holiday season.