SIM swapping is a scam in which someone misuses a mobile phone number for online identity theft. Fraudsters are using this attack to steal money and then the mobile carriers are strengthening their security measures in the checkout lines to avoid it. Increasingly, mobile devices are being used as the primary method for accessing the Internet. One way this is happening is through a user’s own cell phone number, which can serve as an identifier instead of or in addition to an e-mail address.
What is SIM Swap Fraud?
In most cases, mobile phone providers offer customers the option of receiving a new SIM card if they lose their mobile phone or the SIM card has a technical defect. In a SIM swapping attack, the attacker convinces the provider to transfer the previous telephone number to the new SIM card. For example, an attacker could pretend to be the customer in an online portal by stealing access data ahead of time, or by posing as the customer over the phone with customer service representatives. Some providers also allow customers to port their number under a false name while terminating their traditional contract.
Once the fraudster gets their hands on the SIM card, they can make calls and receive SMS messages from people on the victim’s mobile phone number–allowing them to access online services as if they were that person. For example, they could use this method to get a new password by asking for one to be sent via an SMS message.
For example, your mobile phone number is often used in things like online banking. Some high-security sites and services, including many e-mail providers or Twitter, for example, will employ a two-factor authentication procedure. They’ll send you a notification to your phone, which are then entered in addition to the password. Other banking applications send an encrypted TAN code to your mobile phone via SMS (mobile TAN procedure).
With eSIMs, swapping SIM cards is easier than ever. You no longer need a postal address to load virtual SIM cards. As a result, the first eSIM swaps have already occurred and some providers are adding extra security measures into their eSIM systems.
As an online business, protecting your personal data is important to you. Those accessing this information usually need to know your name, your phone number and other identifying data like a street address or access to the online portal of your mobile phone provider. This information can often be obtained or purchased through methods such as phishing emails.
One of the most important steps to take against phishing is to have a healthy distrust of emails from the bank. We don’t believe it’s necessary to completely stop trusting your bank, but we do encourage you to be wary and make sure you verify things with them before going through with anything.
How to Protect Yourself From SIM Swap Fraud?
An effective way to protect against SIM swapping attacks is to set a customer password or PIN code for when you order a new SIM card. This way, you’ll be able to access your phone number and its data. However, if you unexpectedly no longer receive mobile data or can’t make calls, it’s important to contact your mobile provider directly.
To prevent a SIM swap, consider disabling password reset via an SMS. If possible, do this through the settings in your online account.