- What is SIM Swapping?
- How Does a SIM Swap Scam Work?
- Warning Signs of a SIM Swap Scam
- How to Prevent a SIM Swap Scam
- What To Do If You're The Victim of SIM Swapping
- Frequently Asked Questions
Did you know that scammers can steal information from your phone without it ever leaving your possession? It’s known as SIM swapping, and it’s an increasing form of identity theft where a scammer steals your phone number and assigns it to a new SIM card.
What is SIM Swapping?
A SIM swap scam occurs when a criminal convinces your cell phone provider into transferring your phone number to their SIM card. This type of account takeover scam targets a weakness in some forms of two-factor authentication (2FA), in which a text or call is used to verify an account holder.
By transferring these incoming 2FA calls and messages, scammers can easily access your most sensitive information without your knowledge. If you haven’t protected your accounts with 2FA, scammers can use your phone number to generate new passwords, locking you out of your accounts.
As many of your online accounts are linked to your phone number, once a scammer has stolen your number, it’s pretty easy to steal your identity. The main goal of SIM swap fraud is financial gain, but it can also be used to compromise social media accounts or defraud those in your contact list.
The Celeb SIM Swap Scam
In 2021, 8 criminals were arrested across Europe as a result of an international investigation of a series of orchestrated SIM swapping attacks.
Throughout 2020, the criminal gang targeted thousands of victims in the U.S., including famous influencers, musicians, athletes, and their families. They managed to steal over $100 million in cryptocurrencies after illegally getting access to their phones.
They also stole personal information and hijacked social media accounts to send messages and post content pretending to be the victim.
How Does a SIM Swap Scam Work?
SIM swaps usually happen without your knowledge, until you realize your phone no longer works. You can't send/receive texts or phone calls, and your data no longer works. Only then, do you realize you've become the victim of a SIM swapping scam.
Scammer Collects Your Information
The scammer collects personal information about you. This could be by trawling social media profiles, buying them from organized criminals, or through their own phishing scams.
They Activate a SIM Card, Porting Your Phone Number
The scammer buys a SIM card and activates it, porting your phone number across. This usually requires them to tell the service provider your current phone account number and PIN, which authorizes the porting of your phone number.
Customer service is tricked into switching your cell phone number to the SIM card on the scammer’s phone.
The Scammer Receives Your Calls and Text Messages
The scammer now receives all of the calls and texts sent to your number, including one-time passwords and authentication codes. The scammer can now access your accounts, such as your email and online banking accounts, even if you have 2FA enabled.
Your Phone Is Disconnected
Once the SIM swap occurs, your phone loses connection to the network, but your WiFi will still work, which could mean this scam could go undetected for a while.
Warning Signs of a SIM Swap Scam
While a SIM swap scam can be difficult to detect, there are some subtle red flags that you definitely shouldn’t ignore, including:
- No account access to your online accounts, including those for your credit cards, bank accounts, and email, etc. If your login credentials no longer work, you could be a victim of a SIM takeover.
- No cell service, even though you have a good signal, is a common sign of a SIM swap, indicating that your SIM card has been deactivated on your device.
- Strange texts and phone calls, for example, about changes to your mobile service or notifications for services you didn’t use.
- Notification of a new device, i.e., your SIM card has been activated on another phone.
- Unusual social media activity, such as posts of direct messages that aren’t from you. Your friends may express concern that your social media accounts have been hacked.
- Receiving a final bill notification from your cell phone provider.
How to Prevent a SIM Swap Scam
The effects of a SIM swap scam can be downright devastating. When SIM hijackers get their hands on your Social Security number (SSN), date of birth, credit card numbers, bank account details, and other personal information, many forms of identity theft can occur.
New lines of credit can be opened in your name, money could be transferred out of your account, and your phone number could be used for criminal activities, such as text phishing scams. The effects of these fraudulent actions can last for years and seriously damage your credit rating.
Therefore, it’s essential to know what precautions you can take to avoid falling victim to a SIM swapping scam.
Lock Your Phone Number
Most phone carriers offer a “Number Lock,” which protects you against unauthorized transfers of your cell phone number. Once your number is locked, it can’t be transferred to another SIM unless you remove the lock—either with a PIN known only to you or by physically going to your phone carrier’s store.
Be Wary of Phishing Scams
Phishing scams are a common way for cybercriminals to get their hands on your personal information. Scammers impersonate legitimate people, companies, or institutions via phone call tests or email to trick you into handing over your sensitive data or login credentials.
The government, your bank, the Social Security Administration, or health services will never contact you unsolicited and ask for your personal information. Delete such emails and texts, hang up immediately on such calls, and instead contact the company or organization directly.
Use Strong Passwords
For your cell phone account and all of your online accounts, create strong and unique passwords. They should be at least 12 characters long with a mixture of numbers, letters, and symbols. The more complex your passwords are, the more difficult they are for hackers to crack.
How to Create Strong Passwords
- Use a mix of letters (upper and lower case), numbers, and special characters.
- Ideally, a password should be longer than 12 characters.
- Avoid using common number substitutions, such as 5 for S or 1 for I.
- Create complex and unique passwords for all your online accounts.
- Use a password manager to help you remember all of your passwords.
Further protect your accounts by choosing security questions that are impossible for scammers to guess. It's also a good idea to use unique usernames for your online accounts to give you an extra layer of security. When creating usernames, remember never to include any personal information, such as your birthday, full name, or SSN.
Modify Your Online Behavior
You’ll be surprised by the amount of information scammers can collect about you by just what you post online, particularly through your social media accounts.
Don’t overshare personal information through social media, as you may unknowingly give scammers the answers to online security questions. Also, avoid adding your address, phone number, and date of birth to your profiles. Check the privacy settings of your social media accounts and ensure they are set to private so that only the people you know can view them.
Use Biometric Authentication
Where possible, use mobile apps that require two-factor biometric authentication through a fingerprint or facial recognition. This means that even if you fall victim to a SIM swapping scam, criminals will be unable to access your banking, email, or other important apps.
What To Do If You're The Victim of SIM Swapping
If you suspect you’re the target of a SIM swap scam, contact your service provider immediately to regain control of your phone number. Once you have control of your number back, change your account passwords, making sure each one is unique and challenging to guess.
Then, check your financial accounts for unauthorized charges or transfers, and check your three credit reports to ensure no new lines of credit have been opened without your permission. If you discover any suspicious activity, report it to the relevant company or organization.