Finally, my favorite email app is getting dark mode. And if you’re lucky, you’re already able to take advantage of the new feature within Gmail on iOSandAndroid. We’ve already written about the latter, and now we’re here with a quick guide to enabling dark mode on the former—if you can access it.
Phones break or get lost all the time, but that doesn’t mean you have to lose your personal data when and if that happens. In the video above, I go over the basics of backing up your Apple and Android devices.
Quick Fix is a new video series where I tackle your most commonly asked tech questions in 90 seconds or less. If you have a question you want me to answer, leave a comment below or email me.
SIM swap attacks are “off the hook right now,” as described in a November 2018 article from security maven Brian Krebs. While most of you probably have never, and won’t ever, encounter one, it’s good to be prepared should this irritating hack happen to you.
What is SIM swapping?
SIM swapping involves a hacker duping your cell provider into thinking you’re activating your SIM card on another device in their possession. In other words, they’re stealing your phone number and associating it with their SIM card.
If successful, this attack will deactivate your device, and their device will now be the destination for all texts, phone calls, data, and accounts tied to your phone number and SIM card. With that information, the attacker could easily gain access to your app accounts, personal data, and financial information. They could even lock you out of your services for good.
Think of how many apps and accounts use your phone number to verify your identity—and not even when you go to log in with your username and password, which an attacker won’t know, but the very recovery mechanisms you would use to reset this key information. All the account security in the world won’t do much good if an attacker can pretend they’re you just by taking over your phone number.
What a SIM swap scam looks like
A person doesn’t need physical access to your phone to perform a SIM swap—they can do it all remotely, regardless of your device’s make and model, or your service provider. They just need to have enough information to convince a customer support agent that they are you. You may not see a SIM swap scam headed your way until it’s too late.
The easiest way to tell you’ve been targeted by a SIM Swap is when you see strange behavior from your phone, like an inability to send or receive texts and calls despite not having service shut off; receiving notifications from your provider that your phone number or SIM card has been activated elsewhere; or being unable to login into any of your important accounts. Consider this recent example from ZDNet’s Matthew Miller:
“At 11:30 pm on Monday, 10 June, my oldest daughter shook my shoulder to wake me up from a deep sleep. She said that it appeared my Twitter account had been hacked. It turns out that things were much worse than that.
After rolling out of bed, I picked up my Apple iPhone XS and saw a text message that read, “T-Mobile alert: The SIM card for xxx-xxx-xxxx has been changed. If this change is not authorized, call 611.” Well, seeing as how T-Mobile took away my cell service, I could not call 611 for help so that is a worthless message.”
Preventing a SIM swap attack
It’s a lot easier to set up defenses against a SIM swap attack right now than it is to deal with the fallout from one—one is a minor annoyance, the other will consume your week (or more).
Beware of phishing scams
The first step in an SIM swap attack is usually (but not always) phishing. Sketchy emails with malicious links, bogus login screens, fake address bars—there are many forms phishing scams can take, but they’re easy to spot if you know what to look out for. Don’t click links, download programs, or sign in to websites you don’t recognize. If an attacker gets enough key data about you from these attacks, they’ll have what they need to try a SIM swap.
Reduce excessive personal data online
Whether in addition to phishing or in place of it, the other early part of an SIM swap involves social engineering—basically collecting as much data about you as possible so the hacker can reliably pass for you over the phone or in an email.
To prevent this, keep your phone number, date of birth, mailing address, and all other compromising information off as many of your accounts as possible, and don’t share this information publicly if you can avoid it. Some of this data is necessary for certain services, but you don’t need for any of to be searchable on social media. You should cancel and delete any accounts you no longer use as an added precaution.
Protect your accounts
Many digital accounts have settings that can help you take back your accounts if they’re ever stolen—but they need to be properly set up before the account is stolen in order to be of any help. These can include:
Creating a PIN number that is required for logins and password changes. This is especially important to set up with your cellular carrier, as it’s a great defense against SIM hijacking.
Don’t use your favorite services (Google, Facebook, et cetera) to sign in to other services; all an attacker needs is to break into one to have access to a lot more of your digital life.
You should also make note of important account-related information that could be used to identify you as the rightful account holder, such as:
The month and year you created the account
Previous screen names on the account
Physical addresses associated with the account
Credit card numbers that have been used with the accounts or bank statements that can confirm you were the one who made purchases
Content created by the accounts, such as character names, if the account is for an online video game
Similarly, keeping a list of all your critical accounts will make reacting to a SIM swaps or similar ID theft easier, as you’ll be able to securely comb through each account and change passwords, email addresses, et cetera. Have all this information stored securely—perhaps even as a physical printout of a text file—rather than saving it on a service associated with a digital entity (that could be broken into).
Decentralize your online footprint
Consider using encrypted, open-source apps and services instead of just the apps from Google, Apple, Microsoft, to keep important data spread out, with the most sensitive data stored in places with the highest security. This applies to email, messaging apps, bank apps, etc. Google Drive and iCloud are great, but if everything funnels into a single drive—including personal financial information et cetera—you’re screwed.
Also, you should keep certain data out of the cloud entirely. Don’t throw your tax returns into your Google Drive, because if someone were to gain access, they’d suddenly have a ton of critical information about you (and plenty of information they could use to pretend they are you). And please, no matter what, don’t keep a list of your common passwords, backup sign-in keys, your password manager’s “account recovery” PDF in a simple cloud storage account.
How to respond to a SIM swap attack
If you suspect you’ve fallen victim to a SIM swap or any form of ID theft, work through all of these steps quickly:
File identity theft reports with your local police bureau and the FTC.
Alert your banks/financial institutions to the potential identity report and request holds be put on your accounts and bank cards, then contact all three credit bureaus (Experian, Equifax, and TransUnion) to request a freeze on your credit and flag potential credit fraud. If you suspect your tax identity or social security numbers are compromised, contact the IRS. You might even want to change your bank account or credit card numbers just in case.
Report the identity theft to your cellular service provider. Be aware, however, that unless you can sufficiently prove this has happened and that you are the rightful account holder, they may not be able to do much (since the hacker as your phone number, and all).
If you have an offline/analog list of your accounts and their information, change each account’s email address and password (make sure the new email address is not tied to your phone number; a new one works best), and update any other account security measures. The most important places to start are your email address(es) and financial institutions, including PayPal, Venmo, etc, and any accounts tied to your phone number or Google/Apple accounts.
Important: If given the option, DO NOT have confirmation codes or reset links sent to your phone number. These will be sent to the hacker, not you.
If you cannot log in to an account or reset your password, contact that account’s customer service ASAP and explain the situation. You’ll be asked to prove your identity, so having as much information about the account as possible will help you take back control.
If you’ve never run a diagnostics test on your own smartphone, it’s worth doing—especially as your phone starts to show its age, or if you purchased a “new” smartphone secondhand and want to get a feel for its condition.
Diagnostic tools are also helpful for when your device becomes less efficient, but you can’t quite pin down why. Instead of using guesswork to troubleshoot the various features on your phone until you stumble on a solution, a diagnostics scan can highlight exactly what’s wrong with your phone, or at least provide enough data to point you in the right direction.
Unfortunately, finding the built-in diagnostics tools on Android smartphones and iPhones can be difficult, and some devices don’t even have very good diagnostic options to begin with (if at all). But you can always turn to third-party apps for help.
Built-in diagnostics tools
Most Android phones have a few simple diagnostics tools hidden in the OS, but they vary between devices. The tools are found by typing codes into your phone app’s dialer—kinda like inputting cheat codes in a video game. Type in the codes below, and the menus should automatically open.
Here are the two main codes usable on most Android devices:
*#0*#hidden diagnostics menu: Some Android phones come with a full diagnostics menu. You’ll be able to run a check-up for at least some of the phone’s hardware. However, this code isn’t available on all phones—nothing happened when I tried the code on a Pixel XL, for example, though the menu appeared on a Samsung Galaxy S9. For those that do have access, it’s a handy trick. The menu offers a number of standalone tests to check the performance of your phone’s various parts, such as your screen (touch recognition, color accuracy), your cameras, sensor, and physical buttons like the power and volume controls.
*#*#4636#*#* usage information menu: This menu will show up on more devices than the hidden diagnostics menu, but the information shared will be different between devices. At the very least, you should be able to see app usage history; real-time wifi and cellular network connection stats; and basic phone information like the current service carrier, phone number, et cetera.
You don’t have to press the call button or anything else to open the hidden menus, they’ll just open automatically. If nothing happens when you type in the code, then your phone doesn’t have the feature. Similarly, some devices don’t provide very helpful information, like the aforementioned Google Pixel (which relies on Google collecting diagnostic information from your phone in the background). If that’s the case, then jump on down to the next section for some recommendations for third-party diagnostics apps.
Apple is notorious for its products being “walled gardens,” which makes it hard for users to perform check-ups and DIY fixes for their devices. Unsurprisingly, you won’t find any built-in diagnostics tests that you can run on an iPhone.
That said, the iPhone settings do include detailed readouts on battery performance and history. To find this data, go to Settings > Battery.
You’ll find a number of different options and categories that contain your device’s battery performance data—but nothing else beyond that, unfortunately.
Running diagnostics scans with third-party apps
With limited options available in iOS, the only real option for running diagnostics on your iPhone or iPad is to use a third-party app. These apps are also helpful for Android phones that don’t have built-in diagnostics tools—or if you want a more detailed (and less cumbersome) way to test your phone’s hardware.
This app lets you run both quick appraisals and full hardware diagnostics on iPhone and Android devices. The full scan performs simple actions that test each of your phone’s major hardware functions, including the cameras; battery and charging; onboard sensors; and the performance of location, Bluetooth, and cellular connections.
Each test is simple, and the results are easy to read. If the scan detects something wrong, the app can give you recommendations for nearby repair shops. The only major downside to TestM is that it plays ads between each test, which is annoying. A premium, ad-free version can be unlocked for $18, but that’s a steep price.
Phone Check and Test is a plain-looking app, but it’s capable of much more than just checking that your phone’s hardware “works.” A full scan includes deep CPU, storage, and battery diagnostics, and the test readouts are highly detailed. This makes Phone Check and Test a little less user-friendly than TestM, but it’s an excellent troubleshooting tool that provides you with tons of data.
While the free version does contain ads, they’re minimal, and you can upgrade to Plus for just $2 to remove them. The Plus version also adds a few more testing tools and lets you run standalone tests for each piece of hardware separately, which saves you time over a full system scan.
Like the TestM app for Android phone, Phone Diagnostics can be an ad-ridden mess at times, but hidden behind all that is a reliable set of hardware function tests. The full test takes you through all the major hardware features based on the iPhone model you’re using.
Unlike the other apps we’ve listed, Phone Diagnostics allows users to perform immediate standalone tests of any hardware function your iPhone carries without requiring a paid upgrade.