Ask HN: I was hit with a SIM swapping attack; ideas on improving protection?
Yesterday I suddenly lost cell service while running errands. Within a half hour I was home. Upon checking my email I found notifications of financial transactions pending (thankfully on a delay). I was able to resolve everything and all is well now but I'm left feeling like I need to rethink all of my online actions. I'm quite careful with my security but once someone took my sim all of my passwords and two-factor authentication went out the window. I was aware of this kind of attack but thought it was relatively hard to pull off. I'm really small potatoes financially and didn't think someone would target me. Apparently it's not all that hard to do this kind of attack. In researching ways to lower my risk I found this article had some good ideas: https://medium.com/mycrypto/what-to-do-when-sim-swapping-happens-to-you-1367f296ef4d
I've asked my carrier to put an "in store only" id check to change the account. Does anyone here have any more ideas on ways to prevent this kind of attack?
Thanks I wouldn't trust the carriers at all. You have to unlink everything from your phone number unfortunately. This. Use a Yubikey or similar for 2FA instead of your phone. Don't be shy, shame the carrier - let us know which company allowed this. Don't be swayed by anecdotes; all carriers are totally insecure. Which is your carrier?