SIM Swapping

What is a SIM card?

A SIM card is a removable chip that you insert into your mobile device to connect it to a cellular network. It holds a unique identification number and can be used to store mobile numbers, contacts, and text messages.

Without a SIM card, you won’t be able to connect your mobile phone to the internet.

But with an active SIM card, you can connect to a mobile network, send messages, make calls, and access mobile data. It can also easily be swapped between devices (if they’re compatible) so that you can transfer your phone number and personal information to a new mobile.

What is SIM swapping?

SIM swapping, also known as SIM hijacking, is where a scammer takes control of someone else’s phone number. They do this by convincing the cell provider to illegally transfer the number to their own SIM card. Once they have it, the cybercriminal is able to use it to access the victim’s accounts and steal their identity.

How does SIM swapping work?

SIM swapping is surprisingly easy—it requires no coding, malware, or physical contact. All the scammer needs is a little bit of personal information and a fresh SIM card. Then they can trick your mobile provider into transferring them your phone number.

Here’s how SIM swapping works:

• The scammer collects your personal information. This information includes your full name, address, current phone number, and account details. Usually, they will collect this information through phishing attacks or by scraping your social media accounts.
• The scammer contacts your mobile service provider. With sufficient personal information in hand, the scammer then calls your mobile provider. They impersonate you and claim that your existing SIM is lost and needs to be swapped to a new one.
• The mobile provider transfers your number. If they’re successful, the mobile service carrier will deactivate your SIM card and transfer your number to the attacker. They can then use your number to bypass two-factor authentication (2FA) codes and access your online accounts.

You might also be wondering, “Can someone track my location with my phone number?” And the answer is yes. That’s one reason to use Clario AntiSpy’s Virtual Location tool to mask your physical location and protect your privacy.

How SIM swappers use social media

SIM swappers use social media to collect personal information on potential victims. For example, they’ll search for names, addresses, birthdates, phone numbers, and answers to security questions (like your mother’s maiden name).

They may also use social media platforms to engage in social engineering tactics, like phishing scams. Using these tactics, they might be able to collect additional information that helps them impersonate their victims.

Signs of a SIM swap attack

There are several warning signs that you’ve been the victim of a SIM swap scam. Here’s what to look out for:

• Calling and texting issues
• Suspicious activity notifications
• Loss of access to personal accounts
• Unknown transactions

1. Calling and texting issues

If you’re having trouble texting or calling, it could indicate that someone has canceled your SIM card or plan. The same goes if you suddenly lose service altogether. If you experience any of these issues, you should contact your cell provider immediately and ask them to verify whether or not your SIM card is still active.

2. Suspicious activity notifications

If a scammer is actively trying to transfer your phone number to their own SIM card, you might receive unexpected notifications about the change to your service. For example, you might receive a text saying that this SIM card will no longer be active after a certain time point. If you receive any strange notifications, contact your mobile service provider as quickly as possible.

3. Loss of access to personal accounts

If you use your phone number to sign into your banking, social media, or email accounts, you might lose access if a scammer steals your number. This is because, as soon as they gain access, they change your passwords to lock you out. So, if you suddenly lose access to your personal accounts, it’s a sign that you’re a victim of SIM swapping.

4. Unknown transactions

Unknown transactions on your bank and credit accounts are always a red flag that someone has gained unauthorized access. And if someone has access to your financial accounts, it’s possible that they gained it through SIM swapping. If you receive warnings of suspicious transactions, contact your financial institution immediately.

How to stop SIM swapping

To stop a SIM swapping attack once it’s started, you need to contact your cell provider. They’re the only ones with the power to deactivate the attacker’s fraudulent SIM card and reactivate your own.

Every minute counts, so as soon as you see one of the warning signs, call your service provider. They should be able to verify your identity and confirm whether or not SIM swapping has occurred.

How to protect yourself from SIM swapping

There are several steps you can take to prevent SIM swapping (and reduce the severity if you do fall victim), including:

• Use two-factor or biometric authentication. 2FA and multi-factor authentication (MFA) adds additional layers of security to your accounts. By using a 2FA app like Google Authenticator, you can prevent scammers from getting access to your accounts–even if they steal your phone number or passwords.
• Know the signs of a phishing attack. The most common way scammers steal people’s personal information is through spear phishing attacks. These are emails or messages that are designed to trick you into handing over sensitive info. Knowing what they look like can help you avoid falling victim.
• Don’t link your accounts to your number. If you link your online accounts to your phone number, you’re increasing the amount of damage a fraudster can do if they get hold of it.
• Ask for a number lock. Many cell providers let you lock a number to your current SIM. Some also let you use a port freeze service to prevent port-out attacks. For example, with Verizon, you can lock your number using the MyVerizon mobile app. Once activated, you can only transfer your number with your unique PIN or by confirming your identity in person.
• Use safe browsing habits. Unsafe internet behaviors are one of the main reasons people fall victim to financial fraud and identity theft. For example, you should never use public Wi-Fi (4G is safer than Wi-Fi in these cases), avoid clicking links in unsolicited messages, and only access websites that use HTTPS encryption.

What steps do you need to take if you get your SIM swapped

If you’ve fallen victim to a SIM-swapping scam, you need to act immediately. Here’s what to do:

• Call your SIM card provider
• Freeze your banking accounts
• Disable two-factor authentication
• Enable special security features

1. Call your SIM card provider

Use a different device to call your service provider and inform them of the SIM swapping attack. Ask them to suspend the scammer’s SIM card and transfer the number back into your hands. In the worst case, ask them to deactivate the number entirely and get a new one.

2. Freeze your banking accounts

If any of your financial accounts are linked to your phone number, they’re in danger. The scammer could use your phone number to log in or bypass any security measures that you’ve put in place.

To be safe, contact your bank to put a freeze in place immediately and prevent financial fraud. Once you’ve sorted out the problem with your phone number, you’ll be able to unfreeze your accounts and use them as normal.

3. Disable two-factor authentication by text

Two-factor authentication is usually a powerful way to protect your device and accounts from fraudulent sign-in attempts. The problem is, if you receive your 2FA code by text, a scammer with your phone number can easily gain access.

Instead, you should use biometric authentication or multi-factor authentication (if available). If these aren’t, then you should make sure the 2FA code is sent somewhere else, like to your email or another phone number. This way, you’re making it harder for SIM swap attackers to successfully hijack your accounts.

4. Enable special security features

Once the scammer’s SIM has been deactivated, you need to secure your accounts as quickly as possible.

Then, activate any additional SIM swap protection features that are available. For example, some phone companies allow account holders to set up unique account passwords, PIN codes, and security questions to protect their identity. With these in place, it’s much harder for a scammer to gain access.

Likewise, make sure you receive carrier alerts. Most mobile carriers will alert you if a SIM swap or port-out is going to occur, but some won't. Call your carrier and make sure that you’ll receive a text message asking you to confirm a swap.

Conclusion

Imagine that your SIM card is suddenly deactivated, and someone else is in control of your phone number. That’s what happens when you’re the victim of SIM swap fraud. And the scammer will use your number to steal your identity and money.

To avoid becoming a victim, secure your accounts, use safe internet habits, and invest in an anti-tracking tool like Clario AntiSpy.