CONTACT EFANI

The solution to sim swapping isn’t far away.
Ask questions; we will provide answers.

Contact a Specialist

Feel free to get in touch with us via phone or send us a message

Get Support

Whether you have issues with your existing account or have questions
concerning our products and services, here is where you will find all
the support you need. Get in touch now.

Reach out

Feel free to contact us with any questions or feedback.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Report Bugs and Get Rewarded

Our unwavering security pledge

The Efani solution is one of a kind for different reasons. However, at the core of our operations, we take security seriously. It is why we are happy to welcome skilled security researchers from anywhere around the world who are interested in identifying a weakness. See how our security level works here.

If you find weakness or vulnerability in Efani, please share with us as soon as possible.  First, you may support the entire community in preventing attacks on their phones. Second, you may be eligible for a reward through our Bug Bounty Program.

Participation

To participate in our bug bounty program, you agree to have read and agree to observe all provisions outlined in the scope. Our Bug Bounty Program only allows researchers to test our servers and procedures. That means our customers’ security testing is off-limit unless you get their explicit permission.
When you join the program, we can ship our SIM card to you to test locally, and if we can establish a cordial relationship and corporation, you may be eligible to participate in our official bug bounty program.

Eligibility and Disclosure Policy
  • Once you discover a potential security issue, please notify us immediately to resolve the issue
  • Please provide a detailed report with reproducible steps to ensure your raised issue is eligible for a reward.
  • Unless you have to chain vulnerabilities to provide maximum impact, please submit one vulnerability per report.
  • In the case of duplicate reports, we will only award the first complete report.
  • We will only award one bounty to multiple vulnerabilities caused by one underlying issue.
  • Altogether avoid privacy violations, data destruction, interruption, and degradation of our service.
  • Please keep all information obtained due to participation in the program in strict confidence and not disclose it. Moreover, you shall take necessary precautions while storing this information notwithstanding the form in which it was provided (“Confidential Information”);
  • You shall use the Confidential Information obtained as a result of participation in the program only within the scope required for such participation and shall take appropriate measures to keep this Confidential Information secret and prevent it from being disclosed to third parties;
  • You shall be held liable for any direct and indirect damage that Efani will incur as a result of disclosure of Confidential Information, including without limitation for any actual damage, lost profits, and any other costs incurred to enforce claims that the Efani may have for the violation thereof;
  • To be rewarded for a vulnerability, you must be the first reporter (we will not reward for a known  vulnerability we are already fixing)
  • You must not be an employee of Efani or its subsidiaries currently or in the last 12 months.
  • You must anonymously report and delete all data gathered in the attack phase.Efani is not legally obliged to pay the bounty.
We forbid the following
  • Huge scans using automated tools are strictly prohibited. If your tests harm an element of our platform, we can take action to block your IP address without further notice. If you still perform prohibited activities on our platform, we will ban you from this program. In extreme cases, we will take legal action against you.
  • Disclosing any vulnerabilities or suspected vulnerabilities you discover to any other person without explicit authorization from Efani.Disclosing the contents of any submission to our program without explicit authorization from Efani.
  • Accessing private information of any person stored on a product of Efani or service – you must use test accounts.
  • Accessing sensitive information (e.g., credentials).
  • Performing actions that may negatively affect Efani or its customers (e.g., Spam, Brute force, Denial of Service). If you see that your test hurts Efani you must stop them and inform us about that.
  • Conducting any physical attack on Efani’s personnel, property, or data centers
  • Performing actions that may negatively affect Efani or its customers (e.g., Spam, Brute force, Denial of Service). If you see that your test hurts Efani you must stop them and inform us about that.
  • Social engineering (e.g., phishing, vishing, smishing) any Efani’s help desk, employee or contractor, or user.
  • Exfiltrating data. Please test only the minimum necessary to validate a vulnerability (we can verify if the vulnerability would enable data exfiltration and will reward, respectively).
  • Violating any applicable laws or breaching any applicable agreements to discover vulnerabilities.
Out of scope vulnerabilities
  • Bugs in content/ services that are not owned or operated by Efani.
  • Vulnerabilities affecting users of outdated or unsupported browsers or platforms.
  • Cross-site Scripting bugs requiring an unlikely amount of user interaction.
  • CSRF on forms available to anonymous users.
  • Missing CAPTCHA.
  • Password complexity or account recovery policies.
  • Username or email enumeration.
  • HTTPS Mixed Content.
  • Issues without clearly identified security impact, such as clickjacking on a static website, missing security headers, or descriptive error messages, cookie flags, lack of CSP.
  • SSL Forward Secrecy.
  • Invalid or missing SPF (Sender Policy Framework) records.
  • Weak SSL/ TLS Cipher Suites.
  • Sending vulnerability reports using automated tools without validation
  • Use of a known-vulnerable library without evidence of exploitability.
  • Reports of spam, phishing, or security best practices.

The fine print

It’s important to mention that we use OWASP Risk Methodology which may be different from the one you’ve. In calculating the severity of the report, we mainly consider the likelihood of exploiting the issue, not just the technical impact. We may modify the terms of this program or terminate this program at any time. We won’t apply any changes we make to these program terms retroactively. If you have any other questions about our security, don’t hesitate to contact us at support@efani.com. Thank you for helping keep Efani and our users safe!

Media Enquiries

We love sharing compelling stories.

Send us a note and our PR and
Communications Manager may be in touch.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Locate Us

Protect your number against sim swapping with Efani secure plan.

100% money-back guarantee for 60 days.

$5 million insurance coverage. Only $99/ month.