Identity theft is an ongoing concern for us all and while we may take all the precautions that experts advise, the criminal is always one step ahead in devising new ways to breach our security and steal our assets.
A SIM card swap scam is a terrifying and little-known, type of fraud that targets a weakness in two-factor authentication and two-step verification that uses text messages or calls to a mobile phone. It happens when criminals trick your phone carrier to transfer your phone number to a SIM card in their possession by impersonating you and claiming to have lost or damaged your phone or SIM card. This way, they can take over control of your phone number and use it to access your online accounts and reset your passwords.
In a SIM swap, the hacker doesn’t need to physically steal your SIM card — the thing in your phone that identifies it as your phone. They just pretend to be you and persuade an employee at your telecom provider to activate a new SIM card for them, using your phone number. Once that happens, your phone immediately loses service — and the hacker can now use your number to wreak havoc on your life. They can send messages to others pretending to be you, intercept texts from your bank, and even reset your passwords to lock you out of your own accounts.
SIM swapping hasn’t been around long. It started in about 2018 as a way for gamers to steal other people’s cryptocurrency, which is pretty easy to do once you have full access to someone’s phone. But now, experts say, the crime has become more pervasive — and far more organized. In 2021, the FBI reports, SIM swaps robbed victims of more than $68 million. “You could think of these people as petty thieves,” says Allison Nixon, the chief research officer at Unit 221b, a cybersecurity firm. “But after 2018, these are petty thieves that became millionaires.”
- Avoid replying to calls, emails, or text messages that request personal information or contain suspicious links.
- Limit the personal information you share online, such as your phone number, email, or address.
- Set up a PIN or password on your cellular account and use strong security questions and answers.
- Use an app-based or physical authenticator instead of SMS-based 2FA for your online accounts.
- Lock your phone number with your service carrier to prevent unauthorized transfer