Skip to Content
© Antonio Guillem |
Security & privacy

SIM swap fraud: Protect yourself from this dangerous attack

Do you know what a SIM card is? It’s that little chip inside your smartphone to identify you within the cell network that assigns your phone number. It’s something you never think about unless something goes wrong with your phone.

Well, it’s time to start thinking about them. That’s because “SIM-swapping” scams are on the rise. If SIM-swapping sounds familiar, it’s because Kim warned us a long time ago about these types of attacks and how they were inevitable. Tap or click here to learn more about SIM-swapping.

The good news is there are ways to protect your devices from these types of attacks. Keep reading and we’ll explain how SIM-swapping works and how to stay protected.

Scammers are targeting your phone with SIM-swapping

Princeton University recently conducted a study to see just how vulnerable mobile carriers are when it comes to SIM-swapping scams. They tested five major U.S. carriers by signing up for 10 prepaid accounts with each one. What they found was shocking.

One discovery was when they called into a carrier’s customer service, it only took one piece of information to verify their identity and switch service to a different SIM card. They were even able to do this if they failed to get other authentication questions right. This makes it easy for scammers to take control of your account.

To understand why this is bad, you need to know how SIM-swapping works. Here are the details:

SIM-swapping is an elaborate scam. The first thing the criminal needs to do is get some basic information about the victim. This can be done through social engineering and phishing scams where crooks gather as much information as they can.

RELATED: How to spot phishing scams

They browse social media posts, use search engines or engage potential victims in online chats in hopes of getting details that can be used for security questions. Like your mother’s maiden name, names of pets, etc.

RELATED: 9 clever ways thieves steal your identity

Criminals can also get this type of information by using keylogging or spying malware. They can also purchase personal information databases from the Dark Web. Tap or click here to learn how to protect your online identity from the Dark Web.

Once scammers have the information they need, they contact the victim’s mobile phone carrier. They claim to be the victim and that their phone has been lost or stolen, so they need to activate a new phone with a fresh SIM card.

If they successfully pass the identity checks by answering security questions, the old SIM card is deactivated and the one the criminal has is activated. All of the calls and texts are now sent to the fraudster’s phone.

If this happens to you, your phone will stop working and you will most likely get a “No Service” warning. This is the first sign that you’re being scammed. And it’s not just a lack of phone service you need to worry about — the thief can now try to access your bank and other online accounts.

They do this by using the personal data they’ve already gathered, but this time they can incorporate your phone number to receive two-factor authentication (2FA) codes. If successful, they can change your profile settings and set it up to make deposits into their own account.

Now the crook can start draining your bank account. If you have 2FA set up, your bank will ask them for confirmation of who they are by requiring an authentication code sent to your phone number, which is under the criminal’s control. Game over — your bank account is now wiped out.

To make matters worse, now you have to deal with your phone company and bank to prove who you are, which can be a major headache. It’s best to take preventative steps before falling victim to one of these scams.

How to protect your phone from SIM-swap attacks

Since SIM-swap scams are becoming more prevalent, you need to know how to protect yourself. Here are some suggestions:

Use a 2FA app

As we told you earlier, SIM-swapping scams are designed to circumvent 2FA — but only if the 2FA you’re using relies on text messages sent to your phone.

Instead of using text messages for your 2FA codes, try using an authenticator app like Google Authenticator. It’s far more secure than text messages, since the codes can’t be intercepted at the carrier level.

The Google Authenticator app is available for both Apple and Android devices.

Never overshare online

For SIM-swapping scams to be successful, the criminal needs personal information. One way the get it is from social media sites like Facebook. That’s why you should never include things like your address and phone number when creating your profile.

Also, don’t give any sensitive information away if you happen to be chatting with strangers online. It might seem like you’re having a harmless conversation when they ask you the name of your childhood pet, but they can use that information against you when it comes to online account security questions.

To be safe, you should remove your personal data and opt out of broker sites. Tap or click here to learn how.

Create a PIN for your mobile account

Some mobile carriers require a PIN code to make any changes to your account by default. Even if it’s not this way with your carrier, you should set one up.

Call your carrier and explain you want to set up a PIN they have to ask for before any changes can be made to your account — including switching SIM cards. This way, a criminal won’t be able to take over your account just by knowing the name of the first dog you ever had.

Implementing these simple security precautions can save you from major problems later. Don’t wait until it’s too late and someone has pulled the SIM-swap scam on you.

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.