SIM swapping is a known form of fraud where a cybercriminal takes control of your mobile phone account to transfer your number to another phone or carrier. Google Fi now offers its customers additional protection against this type of account theft.
SIM card fraud
Google describes this new feature as an extra layer of protection against illegal SIM swaps. The option is available to customers of Google Fi, the default mobile operator available in the United States. When the lock is activated, it becomes impossible to transfer your number to another phone or carrier.
With the widespread use of mobile phones, SIM swapping has become a popular tactic, widely used by scammers who can target any user. As shown on Google Support Page :
SIM swapping is when someone steals your phone number by convincing your carrier to transfer your phone number to a SIM card they own. For example, someone could call your carrier, impersonate you, and convince the carrier that you lost your phone and need to transfer your number to a new phone.
To protect your Google Fi or any other mobile account from SIM swapping, it’s a good idea to set up two-factor authentication. In this case, a scammer shouldn’t be able to access your account without this second form of verification. However, the type of two-factor authentication you choose makes a big difference.
Two-factor authentication
The least secure method is standard SMS authentication. This involves sending a text message to your cell phone with a code that you must confirm. For example, if you need to sign in to the Google Fi app or website, you’ll be prompted to accept the security request on your phone.
The problem with SMS text messages is that online scammers can intercept or capture that text, steal the code, and pretend to be you. Some criminals go even further. Scammers have offered money to former T-Mobile and Verizon employees to help them complete SIM swaps.
The most secure and popular authentication methods are an authentication app and a physical security key. With software like Google Authenticator or Microsoft Authenticator, the app displays a token number that changes every 30 seconds that you must enter or verify to log in. A security key is more secure because it requires physical access to allow you to log in to a supported account.
“Devoted gamer. Webaholic. Infuriatingly humble social media trailblazer. Lifelong internet expert.”
