You might assume that the SIM card in your mobile phone is safe. After all, it is firmly embedded into your device, and someone would need to take it out physically to access it. But that isn’t the only method.
SIM swapping is an old trick used by scammers to gain unauthorized access to your mobile phone. Not only do they gain access to your number, but also to all the communication it receives.
The FBI has been warning about SIM swapping schemes skyrocketing recently. Read on to find out what the FBI discovered and ways to protect your online accounts and finances.
Here’s the backstory
Criminals don’t need your physical SIM card to take over your phone. Instead, they can use social engineering or phishing attacks to gather information about you. Then they call your mobile provider, pretending to be you. They claim your phone has been lost or stolen and request your phone number be linked to a SIM card in their possession.
If successful, this process will also deactivate your SIM card. So, they have access to your number, but what else can they do?
Many online accounts, including banking apps, offer two-factor authentication (2FA). A SIM swap scam is extremely dangerous if any of your accounts send their 2FA codes to your phone number by text message. Once the scammer has your phone number linked to a SIM card in their possession, the 2FA codes for those accounts are sent to them instead of you.
Now they have access to your banking accounts, email addresses and even cryptocurrency accounts that you may own.
SIM swapping schemes are nothing new. But the FBI has recently noted an alarming increase. Between 2018 and 2020, the agency’s Internet Crime Complaint Center (IC3) received numerous SIM swapping complaints. In 2021, SIM swapping schemes cost victims more than $68 million.
Thankfully there are ways to stay protected.
How to stay protected from SIM swapping scams
With the number of SIM swapping schemes skyrocketing, the FBI gives the following suggestions on staying protected. Here are some precautions to take:
- Never post financial information – Don’t share information about financial assets, including ownership of or investment in cryptocurrency, on social media websites and forums.
- Watch for phishing attacks – Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing your mobile carrier’s official customer service number.
- Protect personal data – Avoid posting personal information online, such as mobile phone numbers, addresses, or other personally-identifying information.
- Never use the same password for multiple accounts – Use a variety of unique passwords to access online accounts.
- Watch for changes – Be aware of any changes in SMS-based connectivity.
- Enable more robust 2FA options – Instead of getting 2FA codes through text messages, use strong 2FA methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
- Protect your credentials – Do not store passwords, usernames, or other information for easy login on mobile device applications.