SIM swapping is a type of account takeover fraud that targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message or call placed to a mobile telephone. It occurs when scammers contact a mobile phone carrier and trick them into activating a SIM card that the fraudsters have, giving them control over the victims phone number. Once the scammers have sufficient information to persuade a mobile phone carrier to assign a stolen phone number to their phone, the swaps happen quickly, and the thefts of money happen when the thieves receive the two-factor codes sent to the proper owner of the phone number. SIM swapping is also known as port-out scam, SIM splitting, Smishing, and simjacking.
Fraudsters usually perpetuate SIM hijacks after obtaining a customers personal information via phishing attacks or by purchasing compromised account credentials through dark web marketplaces. Victims of hijacking attacks frequently have their email accounts compromised before the SIM change, allowing fraudsters to intercept communications from providers like Verizon.
The signs of a SIM swap are often quite easy to identify and will usually become obvious soon after the attack. These are just a few things to look out for:
- Loss of mobile network service
- Inability to make or receive calls or texts
- Unusual texts or calls appearing on your phone bill
- Unusual activity on your bank accounts or credit cards
To protect yourself from SIM swapping, you can take the following steps:
- Use a strong and unique password for all your accounts
- Enable two-factor authentication using an authenticator app instead of SMS
- Contact your mobile carrier immediately if you lose mobile network service
- Use a mobile security app to help keep your personal information safe
If you suspect that you have been a victim of SIM swapping, you should contact your mobile carrier and financial institutions immediately to report the fraud and take steps to secure your accounts.