All You Need to Know About SIM Swaps

SIM swapping, also known as a SIM swap scam or SIM hijacking, can be a nightmare for an unwary victim. According to a recent announcement by the FBI, this ruse is on the rise. In 2021, the FBI received 1,611 reports of SIM swapping, with losses totaling over $68 million, a more than five-fold increase from the 320 SIM swap complaints occurring in 2018 and 2019 combined. Here’s what you need to know about this prevalent scam and how to protect yourself.

How the scam plays out

In a SIM swap scam, a criminal steals a target’s mobile phone number by tricking the victim’s cellphone provider into transferring the number to a SIM card in the criminal’s possession. 

Before the actual scam is pulled off, the scammer will generally employ a phishing scam to obtain some basic information about the target’s mobile number and phone service provider. They may reach out to the target via email, text message or phone call. They’ll pretend to represent the service provider, and ask the target to share or confirm their phone number and/or account number. They may claim there is an issue with the target’s account, and say they need this information to fix the problem. Unfortunately, the target often believes they are engaging with an authentic representative of their phone company, and willingly shares this information.

Next, the scammer will call the target’s service provider and use this info to convince them that they are actually the target. The scammer will claim that their SIM card has been lost or destroyed and they’ve purchased a new one to replace it. If the mobile service provider falls for the ploy, they’ll transfer the phone number to the scammer’s SIM card.

Finally, the criminal inserts the now-active SIM card into their own device and uses it to access the victim’s accounts by bypassing the SIM-based two-step authentication. The scammer then proceeds to change all passwords for online accounts linked to the phone. Unfortunately, this leaves the victim with an inactive SIM card and worse, locked out of their own accounts.

Protect yourself

Despite its prevalence, there are ways to protect yourself from SIM swap scams. The FBI advises consumers to take the following precautions:

  • Never share information about your financial assets while online.
  • Never share information about your mobile phone number or cellphone provider with an unverified contact over the phone or online.
  • Don’t assume every communication from an alleged service provider is legit. If you receive an unexpected call, message or email from your mobile phone’s provider asking you to share or confirm information, do not engage. Contact the provider directly to determine if the communication was authentic. 
  • Keep your social-media platform settings private.
  • Use strong, updated security for all your devices. 
  • Never share personally identifiable information online. 
  • Use strong, unique passwords across all your online accounts.
  • When possible, use strong multi-factor authentication, standalone authentication apps and physical security tokens to access accounts that contain sensitive information.
  • Don’t allow your mobile devices to “remember” your passwords, usernames and other personal information.

If you’ve been targeted

If you believe you’ve been targeted by a SIM swapping scam, take these steps to mitigate the damage:

  • Reach out to your cellphone provider for assistance in regaining control of your phone number.
  • Change the passwords and logins on all your online accounts.
  • Let your financial institution and credit card companies know about the scam so they can look out for suspicious activity on your accounts. 
  • Consider placing a credit alert and/or credit freeze on your accounts. 
  • Report the scam to your local FBI field office, your local law enforcement agency and the FBI’s Internet Crime Complaint Center.

Stay alert and stay safe!

Your Turn: Have you been targeted by a SIM swap scam? Tell us about it in the comments. 
