Our smartphones may be small, but they are computers with many of the same capabilities as full-size computers. They store a significant amount of personal information. Unfortunately, scammers have figured out how to gain control over all that data. It’s not hard because smartphone manufacturers and wireless providers want it to be easy for all of us to switch providers or upgrade to the latest phone. Every smart cellphone has a subscriber identity module, otherwise known as a SIM card. The SIM card might be a pinky-nail-sized card inserted on the side of the phone, or more often today, it may be an eSIM, which means it isn’t a physical card.
Scammers obtain information about potential victims through social media, phishing emails, etc. The info might be the victim’s cellphone number, date of birth, mother’s maiden name, where they were born, etc. Remember when you played that cute “Which television cartoon are you” game on Facebook? Participating in these types of activities on social media provides scammers with much of the personal information they need to attack.
Once they have sufficient information, the scammer calls the victim’s cellphone company and impersonates the victim. They say they’ve lost their phone, but they have a new one. The cellphone company responds, “Sure, we can help you get a new SIM card. To verify your identity, would you please provide me with your mother’s maiden name and where you were born?” The scammer provides information they gleaned from social media and other sources and now has access to the victim’s cellphone.
Once the scammer has access, they’ll get all the victim’s phone calls and text messages. They can easily gain access to bank accounts by impersonating the victim and telling the bank they need to reset their password. The bank will send its text message verifying the request straight to the scammer!
Meanwhile, the victim will realize they can no longer make calls on their phone. They will probably contact their cellphone provider or make a visit to the cellphone store in person. By the time they resolve this, the damage has been done. Bank accounts could be emptied, credit cards maxed out, and more.
The Federal Trade Commission (FTC) website recommends the following to protect yourself from a SIM card swap attack.
- Don’t reply to calls, emails, or text messages that request personal information. These could be attempts by scammers to get personal information to access your cellular, bank, credit, or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website listed on an official account statement or on the back of your credit card. Do not call the phone number or go to a website given to you by the questionable source.
- Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
- Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
- Consider using stronger authentication on accounts with sensitive personal or financial information. If you use multi-factor authentication (MFA), keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.
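The last recommendation above rests on where the one-time code comes from. The sketch below is an added example, not part of the original article or of the FTC guidance: it models a carrier that routes texts to whichever SIM currently holds a number, and contrasts that with an authenticator-app code (TOTP, RFC 6238) computed from a secret stored on the phone itself. The `Carrier` class, the phone number and the SIM names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the enrolled secret and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Carrier:
    """Constructed model: the carrier decides which SIM gets a number's texts."""
    def __init__(self):
        self.sim_for_number = {}
    def activate(self, number: str, sim: str) -> None:
        self.sim_for_number[number] = sim        # a SIM swap is this reassignment
    def deliver_sms(self, number: str, text: str) -> str:
        return self.sim_for_number[number]       # SIM that receives the text

def sms_code_recipient(carrier: Carrier, number: str) -> str:
    """The bank texts a one-time code; whoever holds the number reads it."""
    code = f"{secrets.randbelow(10**6):06d}"
    return carrier.deliver_sms(number, code)

def totp_accepts(secret: bytes, submitted: str, now: int) -> bool:
    """Server check: current or previous 30 s step, constant-time compare."""
    return any(hmac.compare_digest(totp(secret, now - back), submitted)
               for back in (0, 30))

def demo() -> dict:
    number = "+1-555-0100"                       # constructed sample number
    secret = b"12345678901234567890"             # RFC 6238 test secret, held by the victim's app
    now = 59
    carrier = Carrier()
    carrier.activate(number, "victim-sim")
    before = sms_code_recipient(carrier, number)
    carrier.activate(number, "scammer-sim")      # number moved after the impersonation call
    after = sms_code_recipient(carrier, number)
    return {
        "sms_before_swap": before,
        "sms_after_swap": after,
        "victim_app_code_accepted": totp_accepts(secret, totp(secret, now), now),
        # The scammer holds the number but not the secret, so can only guess.
        "scammer_guess_accepted": totp_accepts(secret, "000000", now),
    }

if __name__ == "__main__":
    print(demo())
```

After the swap the texted code follows the phone number to the new SIM, while the app code still requires the secret that never left the original phone.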
If you’re the target of a SIM swap scam, the FTC suggests the following.
- Contact your cellular service provider immediately to regain control of your phone number. Once you have access to your phone number, change your account passwords.
- Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.
- If you think a scammer has your information — like your Social Security, credit card, or bank account number — go to IdentityTheft.gov to see the specific steps to take.
Scammers are insidious. As systems are developed to protect against identity theft, the scammers figure out new schemes. Keeping informed about the latest security developments is a good idea, but can be intimidating. Discuss security with your cellphone provider when you update your phone.