Increase Cyberattack Awareness

---

SIM-Swapping Cyberattacks

With enhanced cybersecurity, cyber criminals are looking for new ways to circumvent data protections. One data protection the university utilizes is multi-factor authentication (MFA). A new trend in cyberattacks to get around MFA is SIM-swapping. 

What is SIM-Swapping?

SIM-Swapping is when a cyber criminal maliciously tricks a mobile company into transferring a subscriber identity module (SIM) card from one user's cell phone profile to their own device in order to gain access to their data and activities.

Why is This a Threat?

SIM-Swapping is a threat because not only does it give a malicious actors access to a user's phone and cell phone activity, but security codes required for MFA are often sent via text and cybercriminals with fraudulent SIM cards can approve or complete account verification steps. They can use this fraudulent verification to access sensitive personal data, and/or to infiltrate company networks and access confidential business data.  

How SIM-Swapping Attacks Happen

To help protect your and the university's data, it's important to understand how SIM-swapping cyberattacks occur.

• A cybercriminal gets a user's personal information
  • Cybercriminals are looking for information that will allow them to maliciously act as a user such as name, date of birth, contact information, etc.
  • They can find this information from online profiles or phishing/smishing attempts.
• The cybercriminal manipulates the mobile carrier
  • A malicious actor will leverage the personal information gathered to persuade the phone company to swap SIM cards.
• The cybercriminal manipulates the user
  • A malicious actor may use social engineering to hack into the user's phone and connect the user's phone number to a different SIM card, bypassing the mobile carrier.
• The cybercriminal intercepts MFA requests
  • A malicious actor will then attempt to access accounts and will send the MFA request to the fraudulent SIM card so they can approve the attempt and access sensitive data. 

In some cases, the targeted individual or organization can identify the SIM-swapping attack and take precautions to protect their data by reporting the incident to the mobile company and IT security.

To report an IT security incident at the university, please contact the OIT Service Desk.

How to Prevent and Report SIM-Swapping 

• Create and maintain strong passwords
  • Cybercriminals need a user's password in order to do the SIM-swapping.
  • Create unique and strong passwords using capital letters, numbers, and special characters.
  • Update your passwords regularly.
  • Do not use the same password for multiple accounts.
• Protect personal information
  • Make social media accounts private.
  • Be mindful of the information you share publicly.
  • Refrain from sharing personal information over text or email.
  • Do not share personal information with any unknown or suspicious recipients.
• Discuss security offerings with mobile carrier
  • Some mobile carriers are developing extra safety precautions such as a personal PIN or extra security questions. 
• Be aware of any suspicious activity on your phone or accounts
  • Unanticipated mobile service outages, glitches or disruptions.
  • Suspicious account notifications.
  • Sudden account restrictions.
  • Unauthorized network activities or transactions. 
  • Unauthorized password resets on your account.
  • Getting locked out of accounts.
• Report any suspicious activity to the OIT Service Desk
  • Compromised accounts, suspicious account notifications, phishing, and smishing.

Multi-Factor Authentication (MFA) Phishing 

One way to protect against cyber vulnerabilities is to utilize and install multi-factor authentication (MFA). Duo is the university used multi-factor authentication IT security app that requires you to confirm you are the one logging in to a secure access point. The Duo app on smart phones provides additional information about the location the login request is coming from which is very helpful in being certain that it is YOU authenticating. More information about installing Duo on your mobile device is available on the OIT website.

What is MFA Phishing?

Multi-factor authentication (MFA) phishing is when a malicious actor attempts to gain access to a secure account and sends a false MFA request to a user.

Why is This a Threat?

MFA phishing is one method malicious actors use to bypass IT security measures to gain access to secure data and information. 

Multi-factor authentication is intended to prevent cybercriminals from using any compromised credentials and passwords, but with MFA phishing they are able to overcome this security protection. 

How MFA Phishing Happens

Malicious actors will attempt to use compromised credentials and login to a secure access point. This will generate a MFA request to the compromised user. If  a user is not paying attention to the MFA request details, they may approve the request and allow the malicious actor access.

How to Prevent and Report MFA Phishing 

By remaining vigilant and checking all MFA requests that come through, you can spot an MFA phishing attempt and decline it.

It is best practice when using Duo for accessing university resources to read through the pop-up message and verify your details before approving the login attempt. Don’t approve, unless it’s you. 

Remember, you can help mitigate cyber vulnerabilities by keeping the following in mind:

• If you are not attempting to login to a university system and did not request a push notification, do NOT approve the request.
• Similarly, if you read the details and the location is not your current location or it doesn’t match up with your information, do NOT approve the request.
• When in doubt, reject the request.

If you think your credentials may be compromised or you receive a suspicious Duo notification, decline the request and report the incident to the OIT Service Desk. 

If your workstation has been attacked:

1. Stop all actions. Do not turn off the computer.
2. Contact the Service Desk at 303-724-4357 (4-HELP, if on-campus) and report the incident.