To combat SIM swap attacks, Google's virtual carrier, Google Fi, introduces a digital lock feature

SIM swap attacks have become a prevalent method of cyber attack where hackers gather a target's personal information, including their real name, identification numbers, email, and phone number. Once they have collected enough information, they can impersonate the user and request a SIM swap from the carrier, claiming the phone has been lost or the SIM card is malfunctioning and needs replacement.

After successfully obtaining a new SIM card, the attacker places it in their own phone, gaining access to the victim's various online accounts. This allows them to reset passwords and alter credentials to steal assets. This type of attack has been notably common in the cryptocurrency sector, with numerous incidents of hackers hijacking accounts and draining significant crypto assets.

In response to these threats, Google's virtual network operator, Google Fi, has recently rolled out a new feature called "Digital Lock." This feature requires users to lock or unlock their SIM cards using their Google account credentials. Once a SIM card is locked, Google will not approve any SIM swap requests, even if provided with accurate and complete identification information, without the SIM being unlocked first.

Unlocking a SIM card necessitates logging into a Google account, which requires an account password and a 2-factor authentication (2FA) code. Consequently, this significantly increases the difficulty of carrying out a SIM swap attack.

However, it's important to note that if a user's Google 2FA tools are also on their phone, losing the phone would prevent access to the account and thus, the ability to unlock or swap the SIM card. Therefore, the best security practice recommended is to disable phone number logins for Google accounts, enable 2FA, use apps like Google Authenticator for 2FA, obtain backup verification codes, and keep these codes written down and stored safely at home.

By following these practices, even if the phone is lost, one can log back into their account using their username, password, and backup verification codes to unlock the SIM card. They can then contact Google to request a SIM swap, significantly enhancing security.