SIM CARD SWAP
What is SIM Card Swap?
What is a SIM Card?
A subscriber identity module, widely known as a “SIM card,” stores user data in cellular phones on the Global System for Mobile (GSM) network -- the radio network used by companies such as AT&T and T-Mobile to provide cellular telephone service to their subscribers. SIM cards are principally used to authenticate cellphone subscriptions; as without a SIM card, GSM phones are not able to connect to AT&T’s or T-Mobile’s telecommunications network. Not only is a SIM card vital to using a phone on these networks, the SIM card also holds immeasurable value as a tool to identify the user of the phone. An "eSIM" is just the electronic version of a SIM card, which is embedded into your mobile device's motherboard or CPU. An eSIM holds the same principals, roles, values and uses as a traditional, physical SIM card.
What is a SIM Card Swap?
SIM swap fraud is when a scammer transfers your phone number to another device without your authorization. This allows scammers to begin receiving communications associated with your phone number, including those that may allow them to access your social media profiles, banking apps and other accounts such as cryptocurrency. Bad actors and hackers use this fraud on prepaid and post-paid wireless accounts.
How Does The Sim Card Swap Work?
Typically, the theft begins when an unauthorized person contacts the provider’s technical support department on the phone, or walks into a retail store, pretending to be the accountholder. Claiming that he wants to activate a “new” phone, the thief convinces the provider to create a new SIM card to install in the thief’s “new” phone. Whether acting as a co-conspirator to the theft or through abject negligence, the carrier's employee then transfers to the unauthorized person the accountholder’s wireless telephone number -- disconnecting the telephone number from the actual accountholder’s wireless phone’s SIM card and then connecting the telephone number to a SIM card under the control of the hacker or unauthorized person. From there, the victim loses cellphone service, given that only one SIM card can be connected to the provider’s network with any given telephone number at a time.
As of lately, most of the SIM card swaps have been taking place on the other side of the world, affecting where you read this right now. The hackers have been able to bribe carrier employees either in retail stores or carrier call centers, hundreds of thousands of dollars in cash or in cryptocurrency to switch legitimate customer's phone numbers and/or SIM card (eSIM) to the hacker's phone of choice. It works with both physical SIM card and eSIM.
Having gained control of the victim’s wireless phone number, the thief then attempts to gain entry into the victim’s email accounts by entering the victim’s email address on Outlook, Gmail, or any other email provider, selecting the “Forgot Password” option, and then receiving a text message intended for the accountholder with a password reset code. Once inside the victim’s email account, the thief then scours information stored on the victim’s email account. The thief may also search for information stored on the victim’s wireless phone -- which has been wirelessly delivered to him by the service provider -- to find information such as passwords or other identifying information that would grant the thief access into the victim’s e-mail, banking, and investment accounts. Additionally, using the victim’s telephone number, the thief then diverts to himself access to the victim’s banking and investment accounts by using the victim’s telephone number as a “recovery method” -- even if the victim had two-factor authentication activated as a security measure on his accounts.
In most instances, SIM swap thieves invade victims’ bank accounts and even stolen their cryptocurrency. Cryptocurrency, in fact, is one of the primary targets of SIM swapping thieves. Once the hacker has drained your checking and savings accounts as well as any crypto stored on your mobile device it is nearly impossible to recover stolen assets.
What are The First Signs of SIM Card Swap? How Can I Tell If I have Been A Victim of SIM Card Swap?
During a SIM swap, the earlier you reverse the changes to your accounts, the better. If you notice any of the following warning signs, contact your cellular provider immediately, as you might be under attack.
- Strange calls or texts about an unexpected change to the service. Pay attention to this and contact the carrier immediately.
- You are locked out of your phone's online accounts, such as a bank or social app.
- Your phone loses service, or you cannot receive calls or texts, even with good reception.
- You receive phone service notifications for actions you didn't take.
- You get emails or notifications about changed passwords or forgetting your passwords
What To Do If You Suspect A SIM Swap
If you see any of the signs mentioned above, get through to your carrier as soon as possible. Every minute wasted provides the attacker more time to exploit you. A simple call to your service provider will reveal if any changes were made to your account. You can take appropriate measures from there.
However, in case of a successful swap, your line won't have cellular service, making it impossible to reach your provider. It's recommended to have a backup number you can use to make the necessary call in that case.
How To Prevent SIM Card Swapping on Your Device
The cost of a SIM swap could be catastrophic. Your best bet is to take precautions to avoid falling victim in the first place. Here are a few steps you can take to stay safe.
1. Protect your phone and SIM
Most phones ship with several protection methods, including PINs, passwords, patterns, fingerprint scanners, and facial recognition. The latter two are standard in modern devices, so enable them to add another layer of security.
Aside from your phone, you should also protect your physical SIM. You can lock it with a numerical PIN that you must enter every time you restart your device. Your Android device or iPhone should allow you to create a PIN in Settings. Just make sure you don't use your birthday or that of someone important to you.
2. Lock your phone number with your service provider
Ask your carrier or network service provider to activate Port Freeze or Number Lock to protect your mobile number from unauthorized transfer. Once activated, you can't port your number to another line or carrier unless you remove the lock, either with a PIN or by walking into the store. If your carrier allows this feature, it's an excellent way to beef up your SIM protection.
3. Use an App Based 2 Factor Authentication Not SMS 2FA
2FA is another way to add an extra layer of security to your accounts. However, we recommend using the Google Authenticator app for all 2 Factor Authentication or 2FA security since most hackers try and use the SMS text based method of 2FA to try and fish for your passwords.
4. Enable biometric authentication on your device
Passwords, PINs, and 2FAs are great. But face and touch IDs offer a level of protection that exceeds those because they require your physical presence to work.
Whenever possible, use mobile apps and services that support two-factor biometrics. That way, even if thieves get their hands on your phone number, they won't be able to bypass the biometric barrier.
5. Use a SIM PIN Lock on your device
A SIM PIN is a 4-digit code that stops people from using your SIM card when it's switched off or taken out of your phone. If you set up a SIM PIN, you'll be asked to enter the PIN when you turn on or restart your phone. This will prevent the sim card from being switched from your device unless the hacker has the original PIN that you set up during intial setup.
Display prices in:USD
