Also known as SIM hijacking, jacking, or splitting, SIM swapping is a technique where fraudsters can take advantage of two-factor authentication to take control of your phone number, which they can use to commit fraudulent activities, including gaining access to your social and bank accounts.
Two-factor authentication is used to protect online accounts, but it’s still vulnerable to third parties with your phone. Two-factor authentication works by sending a code to your phone or email for authentication once you log into an account with your username and password. So an individual with access to your phone or email can gain access to your account.
SIM Card
An acronym for Subscriber Identity Module, a SIM card is a tiny chip inserted into a cellphone and contains a unique string of numbers that help identify the user, mobile carrier, and country.
How SIM Swapping works
One way a fraudster can get your phone number is by contacting your mobile carrier and convincing them to transfer your phone number to a new SIM card. This is usually done when a user has lost their SIM card and requires a new one while wishing to retain their particular phone number. This is not as straight-forward, though, as carriers require authentication before doing so.
Carriers usually ask a slew of security questions, which include personal information like your mother’s maiden name, former school, birthdays, and such, which a user typically provides during initial SIM card registration.
This is information that a hacker can glean from browsing and tracking your social media activities. They can also use phishing, a social engineering method where they impersonate trusted individuals or institutions and get you to share personal information.
Alternatively, they can purchase personal user information from stolen data vendors on the dark web.
One less common but still possible way fraudsters use to gain access to personal information is by colluding with employees of the mobile service carrier, who might provide particular information or help ‘port’ the number to a new SIM card in the fraudster’s possession.
Once they’re able to convince your carrier by successfully answering the security questions, they can then access your accounts using the authentication codes sent to their phone, or even go as far as changing your credentials and locking you out of your own accounts.
Another reason for a SIM swap is that once they gain access to your social media accounts, they can use it to blackmail you by sending inappropriate posts and messages using your phone number or name, which can cause irreparable damage, depending on who you are and the content of the messages.
How to know if your SIM card might have been swapped
Since SIM swapping can be subtle, especially by experienced fraudsters, it’s imperative that you are aware of the potential signs that your SIM card has been hijacked and take measures to protect yourself or at least mitigate the damage.
When your phone suddenly loses service, where it might display “No Service” or “Searching…” it could be a telltale sign that the SIM might have been swapped because the old SIM card in your possession is now invalid and inactive.
The inability to send or receive calls and texts is also another telltale sign that your SIM has been swapped because another individual is now the legitimate owner of your phone number.
Strange banking activity. Withdrawals and transfers that you don’t recall making or initiating can be a sign that your SIM has been hijacked and used to access your bank account, which is most often the main goal of SIM swapping.
Strange social media activity. Like with bank accounts, unexplained social media activity might be a sign that your SIM has been swapped and fraudsters are using your social media to impersonate you and probably scam your relatives or gather additional information.
Inability to access accounts. Related to the above, your inability to access your accounts could also signal that a fraudster has gained control of your accounts and changed the access credentials, thus locking you out.
Some carriers usually notify their subscribers that their SIM card is on a new device whenever they swap their SIM cards with a different device. If you receive this message without having knowingly swapped your SIM card onto a different device, it’s definitely a red flag.
Protecting yourself from SIM Swapping
Account Security
Avoiding the use of standard and conventional passwords and PIN numbers like birthdays that can be easily guessed is the first place to start. Strong passwords for every account should be standard practice.
Some mobile carriers allow users to set up special PINs or passwords that they can use when setting up a new SIM card as an extra security layer against potential SIM hijacking. For those who are presented with the option, it’s advisable to take advantage of it.
Authentication apps
As another security layer, authentication apps require your particular phone rather than your phone number to authenticate and grant access to your accounts. In case your SIM has been hijacked, the fraudster would still need physical access to your phone.
Activity and Security alerts
Activating alerts like SIM and device change alerts, social media log-in alerts, and bank activity alerts is also advisable. In this way, any activity you didn’t directly sanction can be known almost immediately.
Cautious use of the internet
Phishing and other social engineering techniques are how fraudsters extract personal information from unwitting victims. Knowledge of these techniques is priceless.
Other safe internet practices, like making social accounts private or not sharing too much personal information, are also advisable.
Comments