What is a SIM swapping scam? Understand and prevent it

What is a SIM swapping scam? 

A SIM swapping scam is a type of identity theft where a bad actor transfers your phone number to another device without your consent. With access to your phone number, the criminal can receive calls and text messages meant for you.

This scam doesn’t just violate your privacy. It allows bad actors to access sensitive information and can undermine security measures like two-factor authentication. For example, if you request a one-time sign-in code for your online banking, the code goes to the scammer. Then, they can take control of your account and drain your funds before you even realize what happened. 

However, it’s important to note that SIM swapping is not always a scam. Whenever you buy a new phone or replace a lost or stolen device, your mobile carrier will use SIM swapping to activate your number on your new mobile device. SIM swapping only becomes illegal when it’s unauthorized. If a bad actor transfers a SIM to a mobile device without your consent, it’s a crime.

How does SIM swapping work? 

SIM swapping works by convincing your mobile carrier to transfer your SIM to a new phone controlled by the scammer. If your phone uses a physical SIM card, a criminal can simply steal your SIM and insert it into their own mobile device. 

Most SIM swapping scams start with an information-gathering stage. The bad actor will need to know personal details like your address, passwords, account numbers, Social Security number, and answers to security questions to convince your phone carrier. Criminals can get your sensitive information in various ways, like internet searches, social media profiles, data leaks, or the dark web. They may even contact you directly through phishing scams, where criminals use social engineering techniques to trick you into sharing your information.

Once the criminal has enough of your personal details to pretend to be you, they will reach out to your wireless provider, say your old phone was damaged, and request a SIM swap to a new device. If the bad actor succeeds, your number will be transferred to their device. Text messages and phone calls meant for you will be redirected to the scammer. Then, before you know it, your SIM card stops working, and you have become a victim of identity theft.

What are the dangers of SIM swapping?

SIM swapping can be very dangerous for the victim. At best, your reputation and relationships can be damaged. At worst, you could lose money and find yourself on the hook for unauthorized loans.

The dangers of SIM swapping include:

• 2FA bypass. SIM swapping can help bypass two-factor authentication because a sign-in code is sent to a scammer. If you fall victim to a SIM swapping scam, any account you have enabled 2FA on, such as your bank account or social media profile, can fall into the scammer’s control.

• Financial loss. Most scams exist for financial gain, and SIM swapping is no exception. One of the most common outcomes of SIM swapping attacks is financial loss. Criminals use control of your phone number to bypass two-factor authentication and empty your bank accounts, investment profiles, or cryptocurrency wallets in the blink of an eye.

• Account access. Scammers can use mobile sign-in codes to log into any online account with 2FA enabled. Once the cybercriminal gains access to your accounts, they can easily change the password and lock you out. Scammers often target bank accounts, but they can also take control of other accounts, like social media profiles, where they can impersonate you further. 

• Unauthorized lines of credit. By having control of your phone number, cybercriminals can also set up new financial accounts, loans, or lines of credit in your name. Even though you don’t have control over or even knowledge of these accounts, they’re tied to your name, so they can negatively impact your credit score, lowering your chances of getting credit cards, mortgages, or loans in the future.

• Reputational damage. The costs of SIM swapping aren’t purely financial. When someone has control of your phone number, they can easily impersonate you via text messages, phone calls, or social media. A bad actor can destroy your personal relationships by sending abusive messages, or they can damage your reputation through offensive social media posts. 

Because SIM swapping scams have such serious consequences, you must do everything you can to protect yourself and your device.

Examples of SIM swapping scams

Learn more about the most common examples of SIM swapping so that you can protect yourself:

• Physical SIM swaps. A physical SIM swap scam involves someone stealing your SIM card and putting it into a new device. If you’re traveling and switched to a local SIM card for your destination, make sure that you store your home wireless provider’s SIM in a safe location. A loose SIM card is easier to steal and can increase your chances of a SIM swap scam.

• Phishing SIM swaps. Watch out for phishing attacks that could be used for a SIM swapping scam. Never share your personal data over the phone without verifying the caller’s identity, and be careful whenever you click a link or enter information into an online form.

• Data breach SIM swaps. Sometimes, criminals can initiate a SIM swap without ever coming into contact with you. Data breaches, the dark web, and social media may have enough information for bad actors to impersonate you with your phone company, meaning you won’t have any warning signs of the fraud until it has already been carried out.

The most high-profile example of a SIM swapping scam occurred in 2019 when the then-CEO of Twitter, Jack Dorsey, had his phone number transferred to another device without his authorization. The scammer used the stolen phone number to access Dorsey’s Twitter account and began posting offensive messages.

It only took Twitter 15 minutes to regain control of Dorsey’s account, so the worst of the damage was mitigated. However, for an average person, recovering accounts from SIM swap scammers can take days or even weeks! Anyone can become a victim, so it’s extremely important to learn how to avoid SIM swapping.

How common is SIM swapping?

SIM swapping is a relatively new type of scam, but it’s on the rise. According to the FBI Internet Crime Complaint Center, United States SIM swapping cases rose by 400% from 2018 to 2021, accounting for approximately US$68 million in financial damage. That means that SIM swapping is, unfortunately, very common, and it’s only getting more popular.

How to tell if you've been SIM swapped

SIM swapping scams can happen without any warning signs, so it’s important to learn how to tell if you’ve been SIM swapped. The sooner you pick up on the fraud, the more likely you’ll be to recover your accounts.

The signs of SIM swapping include:

• Strange calls, emails, or text messages. Suspicious phone calls, emails, or text messages can be an early sign that scammers are attempting to phish data from you. Phishing scams can lead to a variety of negative outcomes, so read up on anti-phishing techniques to protect yourself. 

• Loss of phone service. If your phone abruptly loses service, your SIM may have been switched. When your SIM gets swapped, your phone may still be able to access the internet or use applications on Wi-Fi, but you won’t be able to use mobile data, send and receive texts, or make and receive phone calls. Keep an eye out for error messages like “No SIM available,” and check with other people nearby to see if they’ve also lost service. Sometimes, you may just be in an area where your wireless provider doesn’t have coverage.

• Strange account activity. If you notice that someone is making posts on your social media profiles, buying items through an online retailer, or making wire transfers without your authorization, you may have been SIM swapped.

• New device added. If you receive an email or letter from your mobile provider stating that a new device has been added to your account or you find a device that you didn’t authorize, a bad actor may be attempting a SIM swap.

• Notification of SIM transfer. Wireless providers may notify you when they perform a SIM transfer. If you receive an alert about a SIM transfer that you didn’t approve, contact your carrier immediately.

• Loss of account access. If your login credentials no longer work and you’re locked out of your online banking, credit card, social media, or other accounts, it could be a sign of a SIM swap.

What to do if you've been SIM swapped

If you’ve been SIM swapped, it’s important to act quickly. Follow these steps to secure your accounts:

1. Contact your mobile provider and explain what happened. They can help you get your SIM transferred back to your phone, as well as launch an investigation into the incident.

2. Inform your bank, credit card company, and other financial organizations of the fraud. They’ll advise you on how to review suspicious transactions and secure your accounts.

3. Report the crime to your local police.

4. Monitor all your accounts for suspicious activity, including online banking, social media, and other online accounts.

5. Consider freezing your credit with major credit firms so that no one can open new accounts or take out loans in your name.

How to prevent SIM swapping 

Because most SIM swapping scams happen without any prior warning, learning how to prevent them can be the best way to protect yourself. Follow these best practices for SIM swap prevention:

• Set up a PIN with your carrier. Ask your mobile carrier to set up a PIN code to authorize all account changes.

• Choose strong, unique passwords. If a scammer can’t get your password, they can’t bypass 2FA with a SIM swap. Create unique passwords that combine upper- and lowercase letters, numbers, and symbols and change them frequently.

• Learn anti-phishing techniques. Prevent criminals from getting enough information to impersonate you by practicing anti-phishing techniques, like verifying a caller’s identity and avoiding opening suspicious links and attachments.

• Don’t give out your phone number. Only share your phone number when it’s necessary. The easier it is to find your phone number, the more likely a SIM swap is.

• Use different numbers for important accounts. If you’re worried about SIM swapping, having multiple phone numbers can help protect you. Consider attaching a phone number to your online banking account that is separate from your personal phone number.

• Notify your carrier of suspicious activity. If you notice a strange device on your account or receive a notification of an unauthorized SIM transfer, contact your wireless provider immediately.

• Avoid sharing personal information on social media. You would be surprised what people can learn from your social media profiles! Don’t divulge your phone number or personal info, like your address, that can be used to guess passwords or answers to security questions.

• Use an eSIM. An eSIM is a virtual alternative to physical SIM cards that can’t be lost or stolen, so it offers an extra layer of SIM swap protection.

How can eSIMs reduce the risk of SIM swapping? 

eSIMs can be a great way to reduce the risk of SIM swapping. They aren’t vulnerable to physical SIM card swap attacks. Since they’re virtual, they can’t be lost or stolen.

Especially if you’re travelling abroad, you don’t have to worry about accidentally leaving your SIM card unattended or having it picked from your pocket. One of the benefits of an eSIM is that you don’t have to connect to shady Wi-Fi networks where cybercriminals may be lurking, ready to steal your data for SIM swapping attacks or other types of fraud.

The Saily eSIM app can help keep your phone number safe when you’re traveling. Saily offers cost-effective plans for over 200 international destinations so that you can get the high-speed data you need, no matter where you are.

And even better than that, Saily’s security features guard you against internet dangers. Our enhanced security measures block malicious sites, online trackers, and ads for a safer, faster, and more enjoyable browsing experience.

Download an eSIM app to stay safe on your next trip!