According to the Federal Bureau of Investigation, SIM swap scams are on the rise. The FBI reported that they had received 1,611 SIM swapping complaints with losses of more than $68 million in 2021.
If you’re unfamiliar with this scam, it takes advantage of people’s lack of knowledge of how SIM cards work and puts their information at risk.
In this article, we will discuss SIM swapping, how it works and how you can protect yourself from becoming a victim.
What is SIM Swapping?
SIM swap is a hacking technique. The scammer takes advantage of a two-factor authentication and verification weakness and uses your phone number to access your accounts.
What is a SIM Card?
SIM is a small and removable chip card used in your mobile phone. These cards contain personal information, such as your phone number, location, and text messages. Without a SIM card, you won’t be able to receive calls, send text messages, or access the internet.
How SIM Swapping Works
The goal of the SIM swap scam is simple: thieves want to transfer your phone number to a new SIM card, moving your number to a phone in their possession. To do this, they will try to gather the personal information they need to successfully impersonate you for your wireless provider; this information may include your name, Social Security number, street address, and phone number.
There are many ways to get this information. Your data could be stolen in a data breach and sold on the dark web.
Thieves may try to trick you into providing your information by impersonating a legitimate company in an email phishing scam. They may even call you, pretending to be your wireless provider.
No matter how they gain your information, scammers will use it to contact your wireless provider and impersonate you. They will ask the provider to transfer your phone number to a new SIM card, which gives them control of your number.
Most wireless providers will require answers to security questions, but the SIM scammer will be prepared with the information they’ve already collected.
Once your number is ported to a new SIM card, the thief will try to access your accounts – including bank accounts, social media accounts, shopping websites, and more – by resetting your password at the point of login. In addition, companies that send 2FA verification codes via SMS will message the codes directly to your number, and scammers can use that information to get into your account.
Losing service to your existing phone will be your first indication that something is wrong; by then, it might be too late.
The potential damage is enormous. For example, a scammer could gain access to your bank accounts and use your credit cards. They could take over your social media accounts and try to scam your friends and family or hold your accounts for ransom. They can even steal additional personal information from your accounts and use it to commit further identity theft, wrecking your credit in the process.
Warning Signs That You’re the Victim of a SIM Swap
It’s essential to recognize the warning signs of a SIM swap. Doing so can shut down fraudsters’ access to your phone before they cause too much damage. So here are some warning signs to watch out for.
Unable to receive texts or calls.
A scammer could have activated your phone if you’re not receiving any text messages or phone calls.
If you receive a password or email change notification that you didn’t reset, that could be a sign of a SIM swap scammer.
Unable to access your account.
Scammers lock you out of your account, leaving you in the dark.
The apps aren’t working.
SIM swap attacks prevent you from accessing your app accounts.
Social media takeover.
SIM swap attacks usually target victims’ accounts to gain more personal information.
How to Protect Yourself Against SIM Swap Scams?
The good news is that you can help minimize SIM swap attacks. Below are a few tips to help to protect you against SIM swap scams.
Make sure your phone is protected with strong passwords and security questions.
Beware of Phishing Emails.
Be cautious with opening emails. Attackers like to pose as a legitimate institution, such as a bank or service, to obtain sensitive information from you.
Avoid using your cell number.
You should avoid linking your cell phone number to online accounts, as it leaves your number vulnerable to hackers and data breaches. You should also limit who you share your cell phone number within your personal life.
When you must share a phone number, try using a landline or Google Voice number, which aren’t tied to SIM cards. Also, consider removing your cell number from any accounts you keep on record.
Use a PIN with your wireless provider.
many major wireless providers like Verizon and AT&T now require a separate PIN that must be used when you contact their support team and request changes to your account. Other providers may offer this service as an optional feature; if they do, you should opt-in.
If you need extra protection, consider an authentication app. Usually, these apps are free and tied to your smartphone instead of your phone number.
Set up mobile banking alerts.
Many banks offer customers the option to set up alerts with their accounts. This can help you watch over your accounts.
Consider Identity theft protection.
Signing up for identity theft protection can help safeguard your personal information. Monitoring services, such as IdentityIQ, offer round-the-clock monitoring and real-time fraud alerts to stop fraudsters.
Hang up and call back.
If you’re on the phone with a representative and need clarification on whether they’re legitimate, hang up and call the company again. It will help you identify if the representative is a scammer or not.
Other Tips to Protect Yourself from SIM Swapping
Don’t share personal information.
Be careful with the personal information you share. That goes for social media accounts, links from legitimate emails, and phone calls from people claiming to work for your wireless provider. If you must share information, verify that the third party is who they claim to be.
Don’t use SMS for 2FA.
The easiest way for SIM swap scams to work is if you receive authentication codes via SMS (text message). For accounts that allow it, you should consider using an app (like Google Authenticator) or a secure authentication key (like Yubikey or Google Titan).
These authentication tools don’t rely on SMS and aren’t vulnerable to SIM swapping.
Avoid posting about your assets.
Don’t share on social media about your investments, retirement, or savings; it could make you a target.
How to Enable SIM Swapping Protections
If you need to enable any SIM swapping protection, reach out to your service providers like AT&T, T-Mobile, and Verizon. They can provide you with advice or a new SIM Card if necessary.