7 Tips To Avoid SIM Swap Attacks! What is SIM Swapping?


Shannon Morse

4 years ago

101,607 views



Comments:

@Kr33gola - 22.11.2023 20:34

Should I buy a second SIM? Or a third?

@Blockxblock - 18.11.2023 21:47

Just stumbled upon your channel since I've started to strengthen my security seriously. Great content. Thank you

@MadMax-ge2ve - 10.10.2023 04:55

just SUE your provider

@djuhl002 - 25.09.2023 17:57

What do you think about efani? Do you think your suggestions are enough, or is paying the $99 per month worth it?

@somethingelse25 - 22.08.2023 02:39

This is good advice. I'm leaving my browser open on this video and I'll watch it again but I plan on implementing much if not all of this. Thanks!

@joshuad31 - 20.06.2023 04:58

Thank you for this!!!

@rvrss7192 - 04.06.2023 03:35

Ha-ha, so somewhere there in "advanced OmeriGa" one can call mobile provider and ask to switch SIM based on statement that the caller is a real owner of a "stolen" phone, even without presenting himself alive to the provider service center to prove the identity of a subject?

@Cali_Girl1 - 29.04.2023 00:01

If I get a new SIM Card and Phone Number, will that stop 'Spam Calls' ?

@plainsabertooth7828 - 25.04.2023 12:49

So how do they get your social medias info?

@gotdamnsoup2727 - 06.04.2023 12:38

Message in a bottle... I've been social engineered in Sweden (didn't know they had customer support in Swedish). I got hit by roaming mantis, cosmicstrand, both UEFI / lojax full control and a variant of xhelper. They have access over my Gmail, and I can't do anything. I've even tried installing Linux with an external USB, but they have UEFI access so I didn't succeed. I'm alone here, so if someone sees this.

Please help me! They have control over my number with SIM card jacking introduced after getting full access on one phone.

Everything since I rented out my apartment and they didn't pay rent, so I cut the internet; then I can see in the logs (afterwards) they tried to get free internet from me. That opened the backdoor on my Huawei router and now my Asus laptop, Zenfone 9, my girlfriend's Mac and her iPhone.

They have supershell access to this computer, and I don't even know if this comment will end up at your place, Shannon. But IF it does, please help me! I have lost everything and have nothing, I can't even pay my rent. All accounts down. I'm just a teacher and have been sick for 3 weeks now trying to solve this. But it's not possible. If you help me I will be one of your paying subscribers forever.

I worked with IT a long time ago (2011). I have done everything I know, but can't stop it. They just gained more access, now having it all. These 3 weeks of hell making all my devices rooted with different malwares. DNS reroute, cookie poison, server cookie poison, everything. My m 4li is 1 a t u r ld o t1 with the last numbrs being the numbr equalent to letters. Please somebody, help.

@Living_Dead_Girrl - 14.03.2023 15:59

Thank you Shannon!! I do gotta warn everyone to NOT use Google Auth. Instead use a FOSS 2FA app with export/import & encrypted backup options like AndOTP or FreeOTP. Google Authenticator does NOT back up app data nor store tokens in device cloud backups. If you lose your device, reset, or it gets bricked — you're now locked out of EVERYTHING, possibly indefinitely unless you wrote down/saved backup codes to every single acct years ago.

No one took backup codes seriously when 2FA began because tech companies didn't bother simply explaining what they were. For that "frictionless experience," they just told users to quickly "screenshot" codes & "not share with anyone." Some also gave small print option to "download codes" to an obligatory vaguely named txt file, likely saved to your massive downloads folder (or somewhere you'll never find them without the goddamn file name, which never include app/acct name, and only sometimes include the word "backup" or "codes").

Thanks to trusting Google Auth (and Authy is no better) I learned all this the hard way after my phone was accidentally factory reset! Logging in fresh on a new device will show zero 2FA accts. They're not backed up nor synced between platforms/OSes. You'll also never locate that screenshot (plus that's extremely insecure), and while I've found plenty of random backup code txt files saved between my Android, iPad Pro, Drive & iCloud — absolutely none of them name the app they came from. It's impossible to get back into your acct unless you kept SMS auth as a backup... Something I disabled after first learning about SIM swapping, and I'm still locked out of my IG to this day because of Google Auth/disabling SMS (keep SMS as backup auth on any platform with this option!!). We're talking old emails & social media accts on apps we stay logged into, which make us rarely think about logins.
Now, I physically write (legibly) every single alpha-numeric code in a notebook I keep locked-up & save them in my password manager: Bitwarden.

Thanks to Google Auth not backing up app data — I've been locked out of my own personal IG acct for >3 yrs (despite it being linked to my business IG & my FB... IG/FB decided to mess with connected logins/authentication between linked accts). After I accidentally reset my OnePlus nearly 3 yrs ago, I found everything was backed up EXCEPT FOR Google Auth. I use an iPad as well, and thankfully was still logged in to most of my social media and email accts — except for my personal IG acct because iOS likes to randomly log you out of apps... And logged me out of only my personal IG, but not my linked business acct. I immediately opened every single app, went to settings, & switched 2FA back to SMS because I just experienced Google Auth erase everything. Endless threads on Google support, Reddit, etc of others also learning this the hard way, and Google going "not our problem, this is what backup codes are for." Google Auth, at the time, didn't sync between devices (and likely still doesn't) — so only the few 2FA accts created on my iPad remained in Google Auth (but not backed up should something happen). Thus, I went looking for a 2FA app that simply has a backup feature. AndOTP also exports so you can switch to other apps, and offers both encrypted and unencrypted. I personally export both, just in case there's a bug with the encrypted json file, and then encrypt file using a FOSS encryption app & save key to my password manager → then manually upload to app backup folder I created in Drive. For platforms that won't give 2FA alt to Google Auth, I'm forced to stick with SMS. It takes a bit of work, but most have a hidden setting allowing 2FA setup with another app, or at least let you manually configure allowing you to use AndOTP in place of Google Auth. The apps that launch Google Auth and automate the process, however, make it impossible.

The best starting place to lockdown accts due to breaches, besides enabling any 2FA — can't stress enough to use SMS over Google Auth if you can't/won't use alternative that has backup/export — is at the email level (assuming everyone knows not to reuse passwords now, and use password manager... But not LastPass because frequent hacks & "breaches"). Always use a proxy email for logins, so your real email address can't get "leaked." Outlook (free version) offers feature for free, but it's buried deep in adv acct settings. I ensure only the primary acct can login to the email (lets you swap & remove/add primary), and never give out/use primary email for logins, except as a backup email if I'm locked out of another email acct. But even then, I'm careful about compartmentalizing email accts. I have over a dozen emails when including the proxies, but it's not hard to keep track since they're separated into groups: social media, banking, retail/random site logins like Quora/Wiki, junk, personal, business, and then extremely high security instances like password manager, or instances where I need more anonymity (i.e. a "throwaway" that doesn't get thrown away, rarely used, and can swap proxy instead of core email acct). Most people lose everything when important email login credentials are leaked in data breaches, and that email address reuses password already in password cracking lists or is connected to a backup email that does, and from there connected accts can be discovered and password resets used maliciously. If the email(s) used for logins can't be used to login to the email acct itself, it's impossible for this worst case scenario to play out.
For its own reasons, proxy emails are almost as important as 2FA, are extremely helpful for platforms with frequent breaches that refuse to implement 2FA (hi, Netflix) — because while using PW manager to not reuse passwords is extremely important, it does nothing to minimize damage done by PID/emails exposed by monthly Netflix "breaches."

Netflix, for example, demands too much PID for a streaming platform, then refuses to hide/redact it from your profile visible to anyone logged into your acct. Only by using a proxy email and compartmentalizing, can you reasonably secure your Netflix acct with just another password change. I've otherwise had to change acct email address 3 times. It's really great how Netflix stopped blocking suspicious logins from IP addresses in India, and stopped emailing customers warnings about failed login attempts or suspicious logins altogether. It's less secure than ever, yet used by almost everyone. Netflix's "crackdown" on so-called "password sharing" was beyond hypocritical. Great, so now when my less tech savvy Mom who refuses to use a password manager gets her Netflix hacked, it blocks her from streaming, accusing her of trying to stream on more than 1 device!! After days of only intermittently being able to stream before getting "kicked off," she finally tells me, I tell her I think her acct's been hijacked, I login to her acct on browser (nice how Netflix removed acct settings from app), and have to nav around all the movie menus to view acct and see various devices logged in in diff states and countries!! Kick everyone off, change password, and wait for it to happen again in a few months. Meanwhile, most customers have no idea & think there's something wrong with their WiFi or an app bug. They keep paying, while some rando uses it, all because Netflix wants $20/mo for more than 1 screen, won't do 2FA, stopped warning of suspicious logins, and somehow gets away with constant "data breaches" that it never reports.

@kaw1980q - 23.02.2023 19:44

A little late to watching this video! lol! I work in fraud for a big communication company and the biggest thing a person can do to protect themselves is protect your phone number and your email. You give real good advice!!

@yw6252 - 13.10.2022 09:03

Thanks!

@SU-II - 06.09.2022 14:41

In Malaysia, SIM card replacement requires walk-in to nearest mobile center, inserting the national ID to a validator device, scanning a thumbprint to validate ID ownership before proceeding to print the SIM card. New SIM Card registration requires a national ID or Passport for foreigner. Liability falls on the registrant if the number is used for criminal activities. You can keep same phone number even if you switch carriers

@tomng7677 - 26.08.2022 15:43

Hi, can you make a video about SIM LOCK? This feature is available on Android and iPhone. How does the SIM lock work? Would it prevent SIM SWAP? And furthermore, about eSIM: would eSIM prevent SIM swap since it's not a physical SIM card? Thanks

@tomng7677 - 03.08.2022 19:56

Hi, Shannon. I have a question. Do I need each ubit key for one application or can I put multiple applications into 1 ubit key?

@zay_y - 27.07.2022 08:32

Using a google phone number is not as secure as having a phone number through your carrier because Google can always get hacked and because you don’t own the number that google gave you because it’s free it’s not the most protected option

@beatweezl - 21.05.2022 09:26

Here's my tip after getting SIM swapped weeks after I switched to a new carrier: Request upgraded security on your account. That means that the carrier will disable you from accessing your account on their website to make any account changes. Your 8 digit PIN code won't work. The only way you can make changes to your account is to go in to a corporate location and show them your ID or provide an alpha numeric password that you set up when requesting the security upgrade.

@beatweezl - 20.05.2022 12:26

God, you are so adorably cute.

@phylanselmo981 - 14.05.2022 04:28

You are a cute letting us know about these threats. I was hacked so many times. Last time I couldn't use my Facebook or WhatsApp sending OR receiving photos, videos or voice messages. Thanks for your help. I appreciate it.

@user-uu5di9de2t - 03.05.2022 18:01

Thank you so much for this.

@DeletedUser_0000 - 22.04.2022 18:26

If only people actually saw other human beings as human beings with emotions and feelings and didn’t hack people and steal everything they own for their own benefit 🙃

@Latina627 - 15.04.2022 04:59

☝️☝️Your really a ☝️reliable plug I ever made successful deals with all time✅💯

@MahfuzurRahman-fr8tk - 09.04.2022 08:04

🤔many many thanks to you
...

@lanajantz2240 - 08.04.2022 00:56

Wow, that is a lot of information. I will have to watch a few times and take notes! Thank you.

@JTWLJK - 30.01.2022 02:05

No banks will send a OTP to a voip # like google voice at this time in 2022

@gbass7328 - 27.01.2022 20:59

Hello - what is the liability for selling a SIM card not in use by your phone account anymore?

@tyron4183 - 19.01.2022 09:33

If someone called up and gave the wrong birthday or mother's middle/maiden name or something that could not be remembered wrong and the company doesn't or can't report that to authorities, they are partially/unintentionally allowing ID thieves to incentivise their efforts. Collecting statistics like that might at least give some insight on how rampant ID theft is in different areas.

@unimprovised - 17.01.2022 12:08

I got threatened so hard on my ps4 just bc I beat him in a rocket league game 🤦

@PeaceChanel - 20.12.2021 06:11

Thank You for All that you are doing for World Peace and for our Planet...
Peace.. Shalom.. Salam.. Namaste ..
🙏🏻 😊 🌈 ✌🌷 ☮️ ❤️ 💐 🕊

@samillien - 12.12.2021 15:40

This information is great. Too bad that the way I found this video is because I was SIM swapped and over $11,000 was stolen from me. But going forward, I will use some of these tips.

@MisfitMayhem - 12.12.2021 11:36

Imagine how much fraud could've been prevented (and still could be) if big tech companies just eased up a tiny bit and gave us easy, simple ways to protect our data. The Metaverse will be a huge flop when 8/10 ppl are hackers or lonely men playing pocket pool while they talk to you.
Can't the internet just stay 2003-style?

@charlesmaou6375 - 09.12.2021 09:55

Hi, just a thought here: how about having another phone, or with a dual SIM phone having another SIM purely for all finances, i.e. banks, crypto exchanges etc., and not used for anything else, i.e. phone calls, messages etc.? And furthermore, on this phone have a SIM PIN/passcode?

@johnholme783 - 28.11.2021 22:56

A very comprehensive critique of sim swap security! Thank you!

@CookingwithMsvee - 21.11.2021 06:09

What to do after you got scammed, I lost over $1000.

@BorisBidjanSaberi11 - 11.11.2021 05:34

Just happened to me… 2021

@saifislam6971 - 24.10.2021 22:03

Ma'am, I have a question, please respond if you see this. I just activated a SIM against my identity. Please respond to my query, I will explain more.

@doge1931 - 26.09.2021 19:38

OMG... I wonder how many people have changed their secret answer to "a scrub is a guy who can't get no love from me"

@amritasharma9840 - 07.09.2021 21:02

How can we know or confirm that our sim is cloned by someone or not?

@jeffhirata - 30.08.2021 21:13

Thank you!!! If you stopped using SMS 2FA, wouldn't that completely eliminate the ability to SIM swap???

@spaceshipearth356 - 28.08.2021 20:16

Feck your mobile phone providers. They are morons if they allow sim swap scam. This shouldn't even happen. I am located in Europe and have to go to the store and confirm my identity to make a change like this. 2FA is a double edge sword. I had to buy a new sim with a new number and it was quite a pain to make all changes and go to my bank etc. It was a real "fun".

@reeokim1 - 15.08.2021 20:25

what recourse does one have when they are a victim of this? do the phone carriers reimburse the person for any money lost stemming from this sim swap breach? money lost from bank accounts, brokerage accounts? do you recommend reporting such an incident to the police?

@Me-iz4qt - 24.07.2021 07:42

I'm here, but the damage has already been done. Heartbroken

@jenespaltero475 - 04.07.2021 04:00

Thank u..very helpful..

@aaronyeboah7824 - 24.06.2021 17:21

Hello Morse, Another thing is that can they still steal your account if they don't know your number? Is there any way they can do that?

@aaronyeboah7824 - 24.06.2021 16:30

Is it advisable to use your channel email account to buy any video editing app or audio for your channel?

@christopherguy1217 - 18.06.2021 18:56

I didn't know about Google Voice, living in an area without cell service means I can't use text messages for 2FA, perhaps this will work.

@sisteradmn - 12.06.2021 22:03

Thanks! good stuff
