SIM swapping has allowed thieves to gain access to victims’ cell phone accounts and divert calls and texts to a new device. This may sound like more of a temporary inconvenience, but it can result in large scale identity theft and significant financial loss.
How they get access
Fraudsters start by getting access to a mobile number through the SIM card, which connects a phone to the mobile network. They contact a phone carrier and impersonate the victim. They’ll pretend the SIM card has been lost, stolen, or damaged and request a new one be activated. Through a series of verification steps, they are granted access and the fake SIM card is activated on the thief’s phone. This causes the victim’s mobile network to be deactivated. Thieves may also attempt to “upgrade” the victim’s phone in-store and walk out with a new activated phone, leaving the victim’s phone deactivated.
What they can do
Once a thief has access to control a phone account, they begin receiving all texts and calls. This allows them to reset passwords tied to the mobile number and use the text-authentication feature to gain access to accounts. Targets may include financial accounts, social media, mobile payment apps, email and communication, and more. Once inside, the thief can update information and set email forwards, making it more difficult for the victim to regain access.
Signs of an attack
The best indicator would be if your mobile network suddenly shuts off for seemingly no reason, despite others around you having service. Other indicators would be suddenly not receiving calls or texts, an inability to access your accounts in mobile apps, or new charges showing up on your phone bill.
Actions to take if you’re a victim
If you suspect something is wrong with your mobile service, contact your phone carrier immediately. Ask if any new phones have been activated or if a new SIM has been issued and update all of your security options. Next, contact your financial institutions to inform them you’ve been targeted. Be sure to update your security features and place fraud alerts on your accounts. Follow their procedures to try to recover any lost money. You may also want to check your credit report for any suspicious activity and you can place a fraud alert on your credit reports as an added measure for any new requests for your credit.
Steps to take:
- Check with your mobile carrier to see if you can add extra layers of security. Many companies offer the ability to create a security PIN to protect your account.
- Always check your phone bill and shred old ones instead of throwing them in the trash.
- Add multiple authentication methods to your financial, social media, and communication accounts. Avoid the use of your mobile number as a sole authentication method.
- Add security alerts to any accounts offering them. This will let you know when someone else accesses your accounts.
- Limit the information you share by text because SMS is generally not encrypted. Also, be aware of what information you store in online accounts and publish on social media.