SIM Swap scam

Enabling two-factor authentication is one of the most effective ways of keeping your accounts secure from password leaks and other attacks. However, cyber attackers have been getting more creative, and one threat in particular that became more common within the last few years is known as SIM Jacking or SIM Swap scam. This is where criminals attempt to gain access to a victim’s personal details and accounts by compromising the victim’s mobile SIM card.

What is a SIM card?

A Subscriber Identity Module (SIM) is a small card with an installed microchip that fits into a phone’s SIM slot. It holds information that serves as a unique identifier of a subscriber to a specific mobile carrier (T-Mobile, AT&T Wireless, etc.).

How do SIM Swap or SIM Jacking Scams work?

Attackers use social engineering tactics, such as phishing scams, to impersonate the victim and convince the victim’s mobile phone carrier to transfer their account and phone number over to the attacker’s SIM card. This gives the attacker full control of the victim’s phone number, and the ability to receive any verification codes sent to the victim’s accounts via texts or calls to the phone number.

A successful attacker can gain access to the victim’s online accounts. The attacker gains access to email, social media, employment, online banking, and other accounts using one-time password reset codes.

How can I prevent these scams from happening?

Here are some things you can do to ensure that your online accounts remain secure:

1. Set up a PIN on your account and SIM card through your wireless provider.
2. Create and never share complex answers to security questions and secret passphrases.
3. If given the option, use 2-Factor authentication hardware tokens or apps such as DUO mobile, Google Authenticator, Microsoft Authenticator, etc. These 2-factor authentication methods allow you to authenticate your identity without having to confirm via call or text.

With the recent boom in cryptocurrency trading, these types of scams have become more prevalent and elaborate. Be on the lookout for phishing scams that allow fraudsters to gather personal details about the victim to impersonate them. Do you suspect that your SIM has been compromised? Contact your wireless provider immediately to address the issue.