SIM swapping (also known as SIM hijacking or SIM swap fraud) is a type of identity theft where a criminal tricks a mobile carrier into transferring a victim’s phone number to a SIM card the criminal controls. Once they gain control of the phone number, the attacker can intercept calls and text messages, including two-factor authentication (2FA) codes, to access sensitive accounts like:
• Banking apps
• Email accounts
• Social media
• Cryptocurrency wallets
How SIM Swapping Works:
- Gather Personal Information: The attacker collects personal data about the victim—through phishing, social engineering, data breaches, or the dark web.
- Contact Carrier: The attacker contacts the victim’s mobile carrier and impersonates them, claiming the phone was lost or stolen.
- Request SIM Transfer: They request the number be transferred to a new SIM card (that the attacker controls).
- Receive 2FA and Calls: Once the number is ported, the attacker receives all SMS messages and calls, allowing access to the victim’s accounts.
Warning Signs:
• You lose cell service suddenly (e.g., “No service” or “Emergency calls only”)
• You’re locked out of online accounts
• You receive unexpected password reset messages or 2FA codes
How to Protect Yourself:
• Use app-based 2FA (like Google Authenticator) instead of SMS-based 2FA
• Set up a PIN or password with your mobile carrier
• Use strong, unique passwords
• Monitor account and credit activity
• Be cautious of phishing attempts
