Wednesday, July 12, 2023

T-Mobile SIM swap protection

Many of us know or have heard how easy it is for cyber criminals to circumvent SMS-based 2FA. SIM swap scams have been around for a while, but according to the FBI, they are currently on the rise. Ideally, you should use an authenticator app or, better yet, hardware keys for 2FA, but if a website only offers SMS-based 2FA, you have no choice but to use that. Unfortunately, a lot of websites, including some financial/banking websites, offer only SMS-based 2FA. If you are a T-Mobile customer, you can secure your SMS-based authentication slightly better with the T-Mobile SIM swap protection feature. I don’t know how well it actually protects, but it is better than nothing. Log into your T-Mobile account and navigate to Account/Profile/Privacy & Notification/SIM protection to toggle it on, as shown in the screenshot below. For convenience, the link below will take you to this setting directly if you are already logged into your T-Mobile account.

https://www.t-mobile.com/account/profile/fraud-block/simswap


Related Link:

https://www.wirefly.com/news/fcc-proposes-new-rules-stop-sim-swap-attacks


Saturday, July 1, 2023

Three Simple Online Banking Safety Tips


Here are three simple steps you can take while doing online banking to minimize your chances of becoming a victim. As the title says, these steps are simple and do not take much time or effort to follow.

  1. Before logging in to your banking website for financial transactions, or even to review your bank statement, close all tabs in your browser. If you are paranoid, temporarily disable any browser plugins you may have installed; you can turn them back on later.
  2. While you are logged into your banking website, do not do anything else, such as Google searches, Facebook, Instagram, or any other browsing. In particular, do not read emails or, worse, click on a link your buddy sent you to "check it out". You can do all that after step 3 below.
  3. Once you are done with your online banking business, make sure to log off. Many secure banking websites these days do protect you by logging you off automatically. However, don’t rely on that, because there are still some stupid online banking websites that don’t properly log you out in a reasonable time or, worse, don't do anything.

Simple Cyber Hygiene Practice


Here is some advice on simple cyber hygiene practices to protect yourself online. You really don't have to take extreme steps to bulletproof your online accounts, because if persistent and determined cyber criminals decide to target you (i.e., spear phishing), there is very little you can do to stop them, especially if you are a high-value target. Luckily, most of us don't fall into that category, unless you are dumb enough to divulge your personal info by posting things on social media that make you a target. However, with a bit of effort on your part, you can make it slightly harder for cybercriminals to scam you, so they will move on to easy targets.

"You don’t have to run faster than the bear to get away. You just have to run faster than the guy next to you."

Trust me, there are still stupid people out there who use "123456" as their password (BTW: "123456" was one of the top 10 passwords in 2022, as was "password"), feeding this fast-growing $8 trillion cybercrime business.

Now, how do you make it "slightly harder"? The answer is, as you may have heard many times, don't rely on user/password alone, even if you have a strong password like "~ti0ah5%#W". Though a strong password is the first step in making it harder, it does not protect you in all cases, as criminals find ways to gain access to your stuff. So, ensure that you enable 2FA (two-factor authentication) wherever it is offered. If multiple methods are provided for 2FA, like SMS and an authenticator, choose the latter, as SMS-based 2FA gives a false sense of security, though it is better than just user/password.