Home M3AAWG Blog M3AAWG 49 Session: SIM Swap and YOU

Author: Alex Brotman, Chair, M3AAWG Data and Identity Protection Special Interest Group

(Photo Credit: Norwood Themes, Unsplash)

Like a driver’s license confirms your identity, your phone number is used to verify your identity online. Given the widespread use of phone numbers in two-factor authentication and password reset, SIMs are an extremely valuable target for cybercriminals –– and anyone could become a victim. Armed with only a phone number, cybercriminals manipulate their way into accessing personal financial information, cryptocurrency accounts, and even corporate email accounts, exposing sensitive data that could lead to millions in financial damages.

Allison Nixon, Chief Research Officer at Unit 221b, has investigated and worked to prevent cybercrime for nearly a decade, focusing on DDoS, and tracking cybercrime organizations. At M3AAWG’s virtual 49th General Body Meeting, Allison will lead a session detailing the latest research on SIM swapping prevention, and offer best practices for Internet companies to implement to ensure the security of end-user SIM credentials and protect themselves against civil suits which are increasingly being levied by hacked customers.

In the session, Allison will also explore:

  • Current government guidelines for companies to prevent SIM swap attacks, and how they’re impossible to uphold given subscriber hardware privacy standards;
  • Measures cybercriminals are taking to avoid detection, and how Internet companies can better prevent, identify and track SIM swap attacks within their networks;
  • The need for Internet companies – not subscribers – to implement strong security measures, including more robust password reset protocols, to prevent SIM swapping and subsequent account breaches;
  • The responsibility security professionals have in lobbying their organizations on implementing stricter authentication measures to mitigate SIM-swapping attacks, and prevent their organization’s exposure to civil suits and reputational damage.

Interested in learning more about SIM swapping and the role telecommunication companies must play in protecting subscribers from SIM swap attacks? Join Allison’s “SIM Swap and YOU” virtual session during M3AAWG’s 49th General Meeting on June 10th at 11am ET.


The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.