Cell phones have become an integral part of the lives of many people in that without them, it sometimes seems that the individual is disconnected from the world. Its use has extended to security in ways that we never would have thought possible.
However, security experts are saying that revealing your phone number to strangers or even on websites could pose a security threat to your finances because hackers are using a technique known as SIM swap to steal cryptocurrencies and funds from bank accounts.
A Californian man is suing AT&T for negligence after hackers used his phone number to steal his cryptocurrencies stored in an online exchange. Michael Terpin is demanding $224 million in damages for the loss of $24 million worth of digital currencies. He likened the action of the telecom company as “a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”
Kyle Samani, the managing partner at Multicoin Capital, a hedge fund explained the situation when he said that “In online banking, if someone gets into your account there’s ways to get the money back. In crypto, if hackers get access to your private keys, they own your money and you’re screwed.”
Hacks and losses is not a new phenomenon in the digital world and Michael Terpin is not alone in his losses. It is estimated that as at June 2018, the amount of digital currencies lost to hackers is valued at $1.6 billion.
The situation has gotten so serious that cyber security experts are advising holders of digital currencies to guard their phone numbers the way they protect their social security numbers.
Telecommunications store employees can assign any number to a device with the right authorization. The basic requirements have been to answer certain security questions such as date of birth or social security number. Even though getting access to such data may not come cheap, it is still possible.
Aaron Higbee, the chief technology officer at Cofense mentioned that data is bought and sold on the Dark Web, making it possible for hackers to lay hold on such sensitive information. He said “If your phone number is of a sufficient age, you’re on a database somewhere.”
Granted, a person’s birthday alone may not be able to give hackers access to financial accounts such as bank funds and crypto wallet, but in conjunction with the target’s phone number, a hacker can wreck havoc.
Sometimes, some websites require two-factor authentication in which the site sends codes to a cell phone with which the owner confirms that they are really the ones trying to gain access, however, if a hacker is the one in possession of the phone number, there may be no way for the real owner to gain access to their accounts.
Informed crypto investors have learnt to keep their funds in cold storage. This is the act of placing digital currencies in a wallet that is not connected to the internet.
Investors are also advised not to leave most of their cryptocurrencies in exchanges for extended periods of time because these are sometimes hacked. Carrying most of your earnings in your pocket is not a good idea according to Higbee who also advices having alternative authenticator applications such as Google and Microsoft authenticators.