SIMSWAPPINGI saw many other threads on here detailing various scams, security issues etc.
Oddly enough I didn't see one which is most prominent in the crypto community, simswapping.
This guide will give a basic overview of what simswapping is and how to protect yourself.
Chapter I - Introduction to sim-swappingLets start by answering one of the first questions that come to mind, what is a "Sim Swap"?.
Sim swapping, otherwise known as a port-out scam is when a malicious attacker uses a complex process of social engineering to swap a victim's phone number to their own phone. Sim swapping usually involves either social engineering an employee of a telecom company, or by using a "plug" (an insider employee in the telecom company who is in kahoots with the malicious attackers and performs the swaps for them with loose or no verification checks).
This method of fraud has skyrocketed in popularity over the past few years, especially in the crypto community, as so many people put blind faith in multi-billion dollar telecom companies to keep their financial assets safe.
Chapter II - Why it is so dangerous?Sim-swapping is so dangerous because people blindly put faith in telecom companies to secure their accounts.
This blind faith has become too common place because both the telecom companies and companies have created a false sense of security around phone numbers.
It is now far too common that companies require people to use their phone number as a recovery tool for accounts, and it is far too common that people use SMS/Phone # based 2-Factor-Authentication and believe that they are completely secure. The Sim swappers prey on this ignorance and false sense of security that people give themselves bu using shitty broken account protection systems.
It's far too easy to assume that only people who have little to no knowledge of cybersecurity are the only people that fall victim to this scam, people who don't have too much to lose. The reality of the situation is that this is a relatively new method of fraud, not many people are too aware of it to begin with. People have literally lost millions of dollars to this ingenious scam (Articles linked in appendix). Telecom companies and these Sim swappers are in a constant arms-race, and so far, Sim swappers are winning.
Chapter III - How to protect yourself from sim-swappingSadly, most telecom companies do not provide the tools required to protect yourself from simswappers, a case study on how even requesting extra security features on your mobile account will not protect you from being simswapped. There are multiple different ways to protect yourself against simswapping. Lets start with the easiest to do. Stop using SMS-Based 2-Factor Authentication, and do not use a real phone number to register for sensitive services, there are better alternatives to each. For stronger, localised 2Factor Authentication, use a program such as Google Authenticator, Authy or any other trusted 2Fa service rather than SMS-Auth. But in some instances, this is not possible, there will be sites which don't allow the use of alternative 2FA applications, or they may require a phone number to verify your account, which could later be used as a means of account recovery, these glaring vulnerabilities can be circumvented by using "Google Voice". Google Voice is a google-run service which essentially allows you to have your own VOIP USA based number (Currently only available in USA), a google voice number can't be sim swapped, thus making it the safest to register for services. There are still analogue services which prevent 2FA apps other than SMS and prohibit VOIP numbers from being used for registration, and there will always be cracks in the infrastructure of telecom companies allowing hackers to exploit their services to be used against their customers. We as a global community of crypto enthusiasts, security freaks and just every day people need to take a stand against services and companies which refuse to give us the security and peace of mind that we deserve as their consumers!
EDIT, thanks o_e_l_e_o for the suggestion, google voice may not be too suitable of a candidate for this.
I think the safest option all round is to not use your phone number for 2FA or recovery on any account, and if you absolutely must use a phone number for something crypto related, then buy a prepaid SIM with cash that isn't linked to any of your personal details, and don't use it for anything else or tell anyone else the number.
AppendixSimswapping ring who stole millions arrested -
https://krebsonsecurity.com/2019/02/more-alleged-sim-swappers-face-justice/Single simswapper steals millions in crypto (xzayver narvaez) -
https://krebsonsecurity.com/2018/08/alleged-sim-swapper-arrested-in-california/Man requests extra security after first simswap, gets simswapped again and sues ATT for $224m -
https://krebsonsecurity.com/2018/08/hanging-up-on-mobile-in-the-name-of-security/Insider employees assist simswappers -
https://www.vice.com/en_us/article/d3n3am/att-and-verizon-employees-charged-sim-swapping-criminal-ringSingle simswapper steals $5m+ in crypto (joel ortiz) -
https://www.vice.com/en_us/article/gyaqnb/hacker-joel-ortiz-sim-swapping-10-years-in-prison
