SIM Swap Scam, A Modern Day Threat

In this day and age, the average person is surrounded by cyber, phone and online threats. While having the opportunity to handle all aspects of our lives with a smartphone or a laptop can be a godsend, it also makes the ‘job’ of fraudsters much easier. 

SIM swapping – also referred to as SIM jacking, SIM porting, port out fraud, phone porting and SIM hijacking – is stemming from a service offered by many providers who are willing to move your phone number and services to a new SIM card in case something happens to your original SIM or phone. 

Here’s what happens. The fraudster needs to have some of your personal information, in order to be able to trick the provider’s representative into executing the SIM change. These are, in most cases, details available on social media accounts, such as name, email, birth date. If more elaborate details are required, the fraudster will acquire these either by use of phishing emails, by convincing a victim to provide personal or financial information or by purchasing them from organised criminals. 

Once they have the necessary details, all they need is a support agent on the service provider’s end who will perform the SIM change, having identified the owner of the phone number. From then on, it’s pretty much smooth sailing for the scammer. Instead of the real owner of the phone number, the scammer will receive all calls and texts, including codes sent by financial institutions for two-factor authentication. 

Here are some red flags to look out for. You may have fallen victim to SIM-jacking if you’ve experienced one of the following: 

  • Your phone connection might stop working, meaning you will no longer receive calls or texts messages and are unable to make a call. This can happen because your service may already have been redirected to another SIM. If you experience this, contact your provider immediately. 
  • Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phones off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.
  • If you see any unknown or strange activity on your bank account – or any account for that matter, always contact support to find out what’s going on. 

Of course, it’s best to avoid falling into the SIM hijacking trap. Here are a handful of tips to avoid being a scammer’s next victim: 

  • Be on the lookout for phishing! Don’t click links, download programs, or sign in to websites you don’t recognize. 
  • You should keep your personal data personal, and share as little as possible on your social media accounts. Also, it is advisable to delete or deactivate any accounts you no longer use. 
  • Protect your accounts as much as possible. Use randomized and unique passwords. Use a suitable two-factor security method that relies on a physical device, and not on SMS-based verification. Avoid using your Google, Facebook, etc. accounts to log into other services. 
  • You should ask your provider what additional security options they may offer so that your service cannot be diverted without your permission. 

Have you already been SIM jacked? Here is a list of tips to help you do some damage control: 

  • While panicking is understandable, you need your brain’s full capacity to solve the situation. So deep breaths and…
  • Contact your mobile service provider to either cancel your phone number/service or revert it back into your control. Also, request the details of the support process that has led them to swap the SIM, as well as any activity that occurred since the swap so that you can take that information to the authorities. 
  • Change your password for any of your accounts that may have been compromised. 
  • Secure any financial accounts and contact your bank to take all necessary measures. 
  • File a report with law enforcement. 

A successful SIM swap attack can affect many of your accounts, therefore, many areas of your life (bank/card details, tax returns, personal correspondence, etc). It’s best to keep some of those areas offline, and whether you avoid or fall victim to such an attack, always educate others, so more people can be aware and alert. 

You might also like