SIM Swap Attacks: What They Are & How to Prevent Them

Your cell phone is used for work, connecting to friends and family, and entertainment. Cell phones are an everyday part of our lives. We share lots of personal information through them, and they rarely leave our side. Unfortunately, like many other modern technologies, they can be vulnerable to attacks from cybercriminals. 

SIM swapping is a cyberattack where a criminal hijacks a victim’s phone number. This SIM swap scam is a frustrating and serious form of identity theft that can cost you lots of money and cause emotional stress. In this article, we’ll discuss what it is and how to prevent SIM swap fraud.

What is a SIM card?

A SIM card, or subscriber identity module, is a small plastic card that you insert into your mobile device. It has an integrated chip with a unique identification number that is read by your phone. SIM cards are memory cards that allow your phone to communicate with your carrier.

Your SIM card gives you the ability to receive and make phone calls, send SMS messages, or connect to the internet. It also stores the identity of the owner, around 250 contacts, some SMS messages, and other personal data.

You can usually find your SIM card behind the back panel and battery of your cell phone, but some models have a slot on the side that you can open with a paperclip. When you purchase your mobile phone, the SIM card comes with it. If you lose or damage your SIM card, you can get a new one from your carrier.

What is SIM Swapping?

A SIM swap attack is when a cybercriminal tricks your mobile carrier into believing they are you. They pretend to have lost their SIM card and get your carrier to transfer your number and account information to a new SIM card in the fraudster's possession. This is a form of identity theft.

According to the FBI, in 2021 there were 1,611 SIM swapping complaints that resulted in around $68 million worth of losses. So, SIM swapping can be dangerous. When an attacker gets access to your SIM card, they essentially steal your mobile number.

By stealing your phone number, they can now get through any two-factor authentication (2FA) process that relies on that number, on any of your accounts. Authentication apps are usually a foolproof way of protecting accounts. When you enter your login credentials, accounts using 2FA, or multi-factor authentication, send a one-time passcode to your device, which is often a cell phone.

Then, you will input the authentication code to access your account. If a hacker has access to your mobile device, they can get into even your most secure accounts. In addition, once a hacker has your phone number, they can gain access to the following personal details: 

  • Text messages 
  • Emails 
  • Date of birth 
  • Contact list  
  • Bank account numbers 
  • Social security number 
  • Online accounts 
  • Social media accounts 

Typically, these scammers want to access your financial information to steal your money. They will aim for your credit card information, financial account numbers, and cryptocurrency wallets. However, they can also sell your information on the dark web or extort you into paying them to get your phone number back.

How Do Cybercriminals Perform a SIM Swap Attack?

SIM jacking is actually easier for a criminal to perform than you would expect. A scammer simply needs to convince the customer service of your mobile carrier that they are you. They call your provider and claim they have lost or damaged their SIM card. Then, they use sensitive personal information about you to “prove” their identity.

Many times, hijackers obtain this sensitive information, such as answers to your security questions, through data brokers, data breaches, the dark web, or malware. 

The hacker may have gained access to these answers via phishing emails, which is when someone sends you an email impersonating a company you trust and gets you to input your sensitive information. Smishing can also give hackers access to your personal details. Smishing is SMS-based phishing.

Mobile carrier customer service agents are often ill-equipped to deal with this type of fraud. Princeton University conducted a social engineering study in 2020 that identified the data carriers use to authenticate identities. The most insecure authentication methods are the following:

  • Street address 
  • Email address 
  • Date of birth 
  • Last 4 digits of the credit card number 
  • Activation date 
  • IMEI and ICCID device information 
  • Security Questions 

Most carriers such as AT&T, T-Mobile, Tracfone, US Mobile, and Verizon use these methods to identify customers who call into customer service. 

How Can You Tell If You Are a Victim of SIM Swapping? 

Depending on how difficult it is for the hacker to swap your SIM, you may see various signs of SIM swap fraud.

#1 Calls or Texts from Your Mobile Carrier

If you get a call or text message from your mobile carrier apologizing for a disconnected call, do not ignore it. This could be a sign that someone called your carrier, attempting to swap over your SIM card information, and met with resistance, so they are going to try again later.

However, practice caution. This type of call is also a phishing method that many criminals will use to gain access to your personal information. Always verify the company you are speaking to and the phone number that the call comes from. Then, if it turns out to be your mobile carrier, find out if someone has called them on your behalf.

#2 Losing Cell Phone Reception

If your mobile phone suddenly has no cell reception, this may be a sign of SIM swapping. Try restarting your phone. If you still have no mobile service and you are in a location where you usually get reception, reach out to your mobile carrier.

#3 A Password Reset Message

Another sign that you may be a victim of SIM swapping is an SMS or email from your mobile carrier about a password reset. Once again, practice caution. This is another way that scammers phish information from users. So, verify that the message is from your mobile carrier.

Then, if it is from your service provider and you have not requested a password reset, call your carrier to stop the criminal before they complete their fraud.

#4 Getting Odd Notifications

If you are getting notifications asking you to re-enter your password, that you lost access to your Google account, your Apple ID has been reset, or Android’s “this account was added to a new device,” you may be a victim of a SIM swap scam.

These notifications will indicate that something is going on, and you should immediately reach out to your mobile carrier.  

How to Prevent SIM Swapping 

Since your mobile device carries so much confidential information, you want to do your best to prevent these cyberattacks. Try the following additional security measures to help prevent SIM swapping.

#1 Enable Multi-Factor Authentication

To protect your physical SIM and the information on your phone, enable multi-factor authentication such as PINs, passwords, patterns, fingerprint scanners, and facial recognition to add another layer of security to your device.

You can also add a PIN that needs to be entered every time you restart your device. For Android and iPhone mobile devices, go to Settings to create the PIN. Be mindful about what numbers you use to secure your phone. Birthdays and anniversaries are numbers that are easy to guess.

#2 Authorize Port Freeze

Some mobile carriers have Port Freeze or Number Lock to protect your phone number from unauthorized transfer. Essentially, you will have to go to the carrier store in person or unlock the freeze with a PIN to allow the transfer of your SIM.

Once again, be mindful of what PIN you use to lock your account. The harder the PIN is to guess, the more protected your information is.
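One way to apply the PIN advice from this section and from #1 when choosing a device or port-freeze PIN, as an added example that is not part of the original article. The function names and sample dates are constructed, and the check for repeated or sequential digits goes beyond the birthdays and anniversaries the article names.

```python
from datetime import date
from itertools import permutations


def date_derived_pins(d: date, length: int) -> set:
    """PINs of the given length built by joining parts of one date."""
    parts = [f"{d.day:02d}", f"{d.month:02d}",
             f"{d.year % 100:02d}", f"{d.year:04d}"]
    pins = set()
    # Every ordering of one to three parts: MMDD, DDMM, YYYY, DDMMYY, ...
    for n in (1, 2, 3):
        for combo in permutations(parts, n):
            candidate = "".join(combo)
            if len(candidate) == length:
                pins.add(candidate)
    return pins


def is_trivial_pattern(pin: str) -> bool:
    """True for one repeated digit (0000) or a straight run (1234, 9876)."""
    if len(set(pin)) == 1:
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def check_pin(pin: str, personal_dates: list) -> list:
    """Return the reasons a PIN is easy to guess; an empty list means none."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        return ["must be at least 4 digits"]
    reasons = []
    if is_trivial_pattern(pin):
        reasons.append("repeated or sequential digits")
    for d in personal_dates:
        if pin in date_derived_pins(d, len(pin)):
            reasons.append(f"derived from {d.isoformat()}")
    return reasons


# Constructed sample dates (a birthday and an anniversary), not real data.
SAMPLE_DATES = [date(1990, 7, 14), date(2015, 10, 3)]

if __name__ == "__main__":
    for pin in ("0714", "1990", "1234", "031015", "582047"):
        print(pin, check_pin(pin, SAMPLE_DATES) or "no obvious weakness found")
```

An empty result only means the PIN matched none of these patterns; it does not measure how strong the PIN is.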

#3 Make Your Passwords Stronger

A strong password can go a long way in protecting your identity. You want something impossible to guess, so birthdays, middle names, and other easy-to-discover information are not the best fodder for a good password. Instead, use passwords that combine upper and lower-case letters, numbers, and special symbols.

Sentences and passwords that are 12 characters or longer are typically stronger, as well. Also, use different passwords for different accounts. If you use the same password over and over again, it is easy for a hacker to get access to that one password and steal all your accounts.

This may seem like a daunting task. Most users probably have tens of accounts that they manage daily. Businesses have even more accounts than that to keep track of. So, try using a password manager to aid you in saving, generating, and remembering passwords.

You will want to make sure to choose one that has a reputation for security. 

#4 Non-SMS Multi-Factor Authentication

A hacker can gain access to your accounts by gaining access to your mobile device, so make it a little more difficult for them. When you set up your 2FA, select a method of identification other than a text message. You could choose hardware tokens, fingerprints, or face scans to authenticate your accounts.

#5 Carrier Specific Protections 

Several mobile carriers already have additional protections you can take advantage of to further protect your account. With AT&T, you can log into your account and add a passcode to identify you when you manage your account either online or at the store. They also make you request a Number Transfer PIN before you can transfer your number to a different carrier.

T-Mobile has Account Takeover Protection to further protect your account from fraud. You just contact T-Mobile to turn the feature on. Then, you will need a Number Transfer PIN to do anything associated with your account.

Verizon’s Number Lock is a PIN you create to verify you are the owner. You will need to provide this PIN before transferring your number or conducting any other account management. Check with your phone’s mobile carrier to see what protections they offer to keep scammers at bay.

#6 Do Not Share Personal Information Online

There are a lot of ways that scammers get access to our personal information. Social media can be a way for hackers to access personal details about your life that help them to answer your security questions. Be wary and avoid posting your pet’s name, location, favorite food, and other identifiers online.

#7 Use Email Encryption to Protect You From Phishing Scams

Additionally, protect yourself against phishing scams by using email encryption and other email security practices. Many people become victims of phishing scams by having insecure email accounts. Sensitive information is easy to intercept if you use public Wi-Fi. Plus, email scammers are becoming more elaborate and more convincing.

If you are looking for a secure email provider, Sekur provides encrypted, Swiss-hosted email, VPN, and instant messaging. With SekurMail, you can send encrypted emails outside of Sekur and have them reply within our secure environment. You will be able to monitor your email activity to keep phishers at bay. You will also be able to send unlimited-sized attachments.

Not only do we offer this secure way to conduct your emails, but you can also add more security to your mobile phone with our 100% private platform. Our VPN keeps you anonymous online with military-grade advanced encryption.

You can also feel safe messaging your family, friends, or even clients with our Sekur Messenger which protects your communications with 100% end-to-end encryption. Regain your privacy. Join Sekur today.  

Conclusion

SIM swap attacks can be costly and frustrating. That is why it is important to protect your mobile devices as much as possible from SIM swapping. There are several ways to beef up your security, but also remember to be vigilant and to keep an eye out for any suspicious activity. If you suspect someone may be attempting to steal your identity, reach out to your mobile carrier.
