SIM Swapping Attacks

Welcome to The Safety Net, a newsletter that profiles scams and helps you protect your family from them. If you like this issue, please share it with anyone who might like it. Thanks!

SIM Swapping Attacks

Our phones have become part of our identity. We use them for everything from messaging to shopping to managing our finances. Everywhere we go, our phones go with us as our connection to the digital world. 

Unfortunately, we’ve seen a number of scams where people have their phones hijacked using a technique called “SIM swapping.” Phones connect to mobile networks using a SIM Card, which is a very small card containing information that connects your phone with your account with your mobile carrier. It’s the SIM Card, not the phone, which identifies you to the mobile carrier. If you buy a new phone, you can just swap the SIM card to the new phone and start texting and receiving calls. 

Scammers know this, and they can hijack your phone using a SIM Swap attack. A scammer simply goes to your mobile carrier and pretends to be you, asking for a new SIM card. If they are successful, the SIM card they are given allows them to take over your account! That means all of your calls and text messages would go to their phone, not yours. That includes security verification codes sent over text.

So what can we do to stay safe? Most mobile carriers allow you to set up a passcode (or PIN.) This is similar to what you use to unlock your phone - usually a short sequence of numbers. Just like on your phone, the passcode keeps strangers from getting access to your account. If you haven’t set that up with your mobile provider yet, it’s usually a quick process and highly recommended as a first step. (Links for some common carriers below.)

These codes are not a perfect solution, as scammers often bribe mobile carrier employees to complete the SIM swap anyway. You should avoid using text-based authentication or verification codes for any important services, like bank website access, because they can be hijacked if your SIM is swapped. 

The good news is that the apps on your phone that require special logins, like your email, can’t be stolen with a SIM swap. A scammer who swaps your SIM can only access your calls, texts and voicemails. That is a lot but it’s not enough for them to steal from you as long as you are careful. 

The chances that you are a victim of a SIM swap is low, but it’s important to be careful. Keep your phone with you everywhere you go, but don’t trust it too much.

The Safety Net is a free newsletter, subscribe to get tips like this in your inbox every week!

Quick Tip of the Week: Mobile Carrier Passcodes

Almost all mobile carriers allow you to set a secret code that prevents anyone from changing your account without it. By setting one up, you make it harder for scammers who might try to pretend to be you. Here are links to more information for setting up secret codes for major US mobile carriers:

• Verizon

• AT&T

• T-Mobile

Have you come across a scam recently? Received some weird messages that you think might be a scam? Forward them to [email protected] and we’re happy to help! We’ll take a look and let you know what we think, and if it is a scam we’ll profile it in future issues of The Safety Net to protect others.