Let’s begin with the assumption that within 24 hours your usual mobile phone number will be hijacked by social engineers. They will use your number to gain access to every account you own that utilizes phone-based authentication and account recovery, like your email. They will then use that access and information to compromise more accounts, and harass, steal, blackmail and extort you and your associates.
This happened to John Biggs from TechCrunch: "At about 9pm on Tuesday, August 22 a hacker swapped his or her own SIM card with mine, presumably by calling T-Mobile. This, in turn, shut off network services to my phone and, moments later, allowed the hacker to change most of my Gmail passwords, my Facebook password, and text on my behalf. All of the two-factor notifications went, by default, to my phone number so I received none of them and in about two minutes I was locked out of my digital life."
This trouble is not new. Bitcoin exchange Kraken warns of it and suggests a few tricks to keep yourself safe: call your telco and set a passcode/PIN on your account, institute a port freeze and a SIM lock, add a high-risk flag, and close your online web-based management account.