Intelligent CISO Issue 14 | Page 35

 PREDI C TI VE I NTEL L I GE NC E The interest in such attacks is so great among cybercriminals that some of them decided to sell it as a service to others. already offer this additional security for your number. • Process improvement. As we mentioned above, some processes contain weaknesses, especially in emerging markets. It’s important to dissect all the stages of the process and understand what the underlying weaknesses are. In some countries, there’s a thriving black market that makes it possible to obtain fake documents. These documents can then be presented to operators as proof of identity for SIM swaps. www.intelligentciso.com | Issue 14 • Activate 2FA on WhatsApp. To avoid WhatsApp hijacking, it’s of paramount importance to activate 2FA using a six-digit PIN on your device. In the event of hijacking, you’ll have another layer of security that is not so easy to bypass. • Request your number be unlisted from TrueCaller and similar apps. TrueCaller is a crowdsourced phone book. It allows people to be identified through their mobile number. However, as we mentioned before, fraudsters use this tool to find out more information about you. You can, and should, request that your number is unlisted from this global phone book. Despite the fact that attacks on 2FA with the use of tools such as Evilginx are becoming more sophisticated, software tokens still provide a reasonable level of security by today’s standards. While there is no silver bullet solution, we believe that declaring the death of SMS-based 2FA is the way to go. This is especially true when it comes to online banking, social media and email services. u 35