SIM swaps, also known as SIM swap scams or SIM hijacking, can be a nightmare for an unwary victim. According to a recent announcement by the FBI, this ruse is on the rise. Here’s what you need to know about this prevalent scam and how to protect yourself.
How the scam plays out
Before the scam is pulled off, the scammer will generally employ a phishing scam to obtain the target’s personal information, mobile number, and phone service provider information. They’ll then use this info to convince the service provider that they are actually the target and ask them to transfer the number to their own SIM card. Finally, they’ll insert the newly activated SIM card into their own device and use it to access the victim’s accounts by bypassing the SIM-based two-step authentication. If the target doesn’t catch on soon enough, the scammer can change all passwords for online accounts linked to the phone. This leaves the victim with an inactive SIM card and locked out of their own accounts.
Warning signs of a SIM swap
- You can no longer make calls or send text messages. This is the very first sign. You will likely still be able to use your apps at first, so be sure to take action right away by changing your email password and other account passwords.
- You receive an email stating that your SIM card was activated on another device.
- You suddenly can’t log in to your accounts.
- You discover unfamiliar financial transactions.
If you’ve been targeted
If you believe you’ve been targeted by a SIM swapping scam, take these steps to mitigate the damage:
- First, change your email password, then change the passwords and logins on all your other accounts.
- Contact your cellphone provider to regain control of your phone number.
- Let your financial institution and credit card companies know about the scam so they can look out for suspicious activity on your accounts. Consider locking your financial accounts until the issue is resolved.
- Consider placing a credit alert and/or credit freeze on your accounts.
- Report the scam to your local FBI field office, your local law enforcement agency and the FBI’s Internet Crime Complaint Center.
Despite its prevalence, there are ways to protect yourself from SIM swaps:
- Never share personally identifiable information online.
- Use long and strong, unique passwords across all your online accounts.
- If possible, create a password code with your cellphone carrier that needs to be provided before any changes can be made.
- Never share information about your financial assets while online.
- Never share information about your mobile phone number or cellphone provider with an unverified contact over the phone or online.
- If you receive an unexpected call, message or email from your mobile phone’s provider asking you to share or confirm information, do not engage. Contact the provider directly to determine if the communication was authentic.
- Keep your social-media platform settings private.
- Sign up for E-Alerts for SMS and Email.
- Use strong, updated security for all your devices.
Stay alert and stay safe!