I was part of a chat group created by a friend in September last year. Eventually, she apologised for accidentally creating the chat group and began removing a long list of contacts before exiting the group. After that, an older lady was left as the sole administrator.
This morning, we received a message from an unknown number. The contact wasn’t saved under any name—just labeled as "ADMIN." Interestingly, the sender wasn’t actually the group administrator, but appeared to be impersonating one.
This was a red flag for me. Usually a government initiative like this would be published on the official website, and would usually have gov.my.
Here is the reply:
Now, as I look at it again, it is interesting to note that the compromised phone number has changed its security code on December 25, 2024. Usually we won't notice or be bothered by this:
The label on the number changed from "ADMIN" to a name of a lady who is verified to be a real person, by the name, NXXRXS. He/she then sent the following message:
🔐 1. Use Strong Authentication
Enable Two-Factor Authentication (2FA) on all accounts.
Use a strong screen lock (PIN, password, or biometric).
Avoid using easily guessed PINs (like 1234 or birthdays).
📶 2. Be Cautious with Public Wi-Fi
Avoid accessing sensitive information on public Wi-Fi.
Use a VPN if you need to connect to unsecured networks.
📱 3. Don’t Share Your IMEI Number
The IMEI (International Mobile Equipment Identity) is what cloners use to duplicate your device.
Don’t share it publicly or post screenshots that show it.
You can find it by dialing *#06#.
🧩 4. Watch Out for SIM Swap Scams
Use a SIM lock if available through your carrier (telco).
Never share OTPs or SIM card info via phone, email, or SMS.
If you suddenly lose mobile signal for no reason, contact your carrier immediately—your number may have been cloned or ported.
🧼 5. Keep Your Phone Software Updated
Always install security updates promptly.
Use official app stores (Google Play or Apple App Store) only.
Avoid sideloading apps unless you’re 100% sure they’re safe.
🔍 6. Monitor for Suspicious Activity
Unexpected messages, calls, or app notifications could be signs of cloning.
If your phone battery drains quickly or your data usage spikes, investigate.
Contact your telco if you suspect another device is using your number.
📞 7. Talk to Your Mobile Carrier
Ask about security features like:
Port freeze (to prevent SIM swap attacks)
Call/SMS forwarding alerts
Account PIN verification for changes
Yes, a SIM card can be cloned, but it's difficult, illegal in most cases, and not easy with modern SIM cards due to strong encryption and security measures.
### Here's how it breaks down:
#### 1. Technically Possible?
- Old SIM cards (pre-2000s) using the COMP128v1 algorithm could be cloned with special hardware and software.
- Modern SIM cards use more secure algorithms (like COMP128v2/v3 or even newer), which make cloning extremely difficult or practically impossible.
#### 2. How Cloning Works (in theory):
- You’d extract the Ki (authentication key) and IMSI (subscriber ID) from the original SIM.
- Write that data to a programmable SIM (like a SuperSIM).
- Both SIMs would appear to the network as the same device (though most carriers detect this).
#### 3. Legal and Ethical Issues:
- SIM cloning is illegal in most countries and considered a form of fraud.
- Carriers have systems to detect duplicate IMSI use and may disable the number.
#### 4. What’s More Common Today?
- Instead of cloning, attackers might SIM swap, where they trick the carrier into porting your number to their SIM. This is a major concern for account takeovers.
ChatGPT asked my friend if he needed more information:
If you're worried about someone cloning or hijacking your SIM, I can give tips on how to protect it. Want that?
I copied and pasted the above answer from ChatGPT and asked for more information. Here is ChatGPT's answer:
✅ How to Protect Your SIM from Cloning or Hijacking
🔐 1. Set a SIM Lock (PIN)
Most phones allow you to set a PIN code on your SIM card.
This prevents someone from removing your SIM and using it elsewhere without the code.
How to do it:
iPhone: Settings → Cellular → SIM PIN.
Android: Settings → Security → Set up SIM card lock.
🧾 2. Add a Security PIN/Password with Your Carrier
Call your telco and request to set up a security question or account PIN.
This adds a barrier if someone tries to SIM swap or access your account.
Without it, anyone with your IC and basic info might succeed in impersonating you.
⚠️ 3. Watch for Sudden Signal Loss
If your phone suddenly loses mobile signal, but others nearby have signal, it could be a red flag that your SIM was hijacked.
Act immediately: call your telco from another phone and ask them to block your line.
📱 4. Avoid Oversharing Your Phone Number
Use your phone number only where necessary (e.g., avoid putting it on social media or forms that don’t need it).
Many attacks start with social engineering, and the less data out there, the better.
🛡️ 5. Use 2FA with an Authenticator App, Not SMS
Use authenticator apps (e.g., Google Authenticator, Authy) instead of SMS-based 2FA.
If someone hijacks your SIM, they’ll get your SMS 2FA codes—this bypasses that risk.
🕵️♂️ 6. Monitor Your Mobile Account
Log in to your telco’s portal or app regularly.
Watch for suspicious activity—like changes to your plan, address, or linked devices.
🧠 7. Be Wary of Phishing & Social Engineering
Don’t give personal info or OTPs over the phone, even if the caller claims to be from your telco.
Real telcos won’t ask for sensitive info like full IC or OTPs on calls.
🚨 If You're Ever Targeted
Contact your carrier immediately to freeze the line.
Report to Bank Negara or MCMC (if in Malaysia) or the appropriate regulatory body in your country.
Let your banks and platforms know so they can secure your accounts.
Now, I also asked ChatGPT how to protect my phone from being cloned. Here is its response:
🔐 1. Use Strong Authentication
Enable Two-Factor Authentication (2FA) on all accounts.
Use a strong screen lock (PIN, password, or biometric).
Avoid using easily guessed PINs (like 1234 or birthdays).
📶 2. Be Cautious with Public Wi-Fi
Avoid accessing sensitive information on public Wi-Fi.
Use a VPN if you need to connect to unsecured networks.
📱 3. Don’t Share Your IMEI Number
The IMEI (International Mobile Equipment Identity) is what cloners use to duplicate your device.
Don’t share it publicly or post screenshots that show it.
You can find it by dialing *#06#.
🧩 4. Watch Out for SIM Swap Scams
Use a SIM lock if available through your carrier.
Never share OTPs or SIM card info via phone, email, or SMS.
If you suddenly lose mobile signal for no reason, contact your carrier immediately—your number may have been cloned or ported.
🧼 5. Keep Your Phone Software Updated
Always install security updates promptly.
Use official app stores (Google Play or Apple App Store) only.
Avoid sideloading apps unless you’re 100% sure they’re safe.
🔍 6. Monitor for Suspicious Activity
Unexpected messages, calls, or app notifications could be signs of cloning.
If your phone battery drains quickly or your data usage spikes, investigate.
Contact your telco if you suspect another device is using your number.
📞 7. Talk to Your Mobile Carrier
Ask about security features like:
Port freeze (to prevent SIM swap attacks)
Call/SMS forwarding alerts
Account PIN verification for changes
MORE UPDATES:
1. Please secure your Whatsapp to avoid any inconveniences caused. This is a message I received from a friend whose Whatsapp Account was also compromised:
2. Also, remember to download from Apple Store or Play Store the following apps that can help secure your phone:
If you find this useful, please read this as well to make sure your banking apps are secure on another phone. Keep only one bank app on your phone as your petty cash:
https://come-to-senses.blogspot.com/2025/04/this-is-not-foolproof-but-simple-way-to.html
Comments
Post a Comment