Smartphones are now the go-to device for many people. You can check email, pay bills, or post on social media. So imagine getting an unexpected notification from your mobile phone provider that your SIM card has been activated on a new device. What happens in these cases? These could be signs that a scammer has cloned your SIM card to hijack your mobile number. sim swap

But how do scammers trade a SIM card like this? They might call your cell phone service provider and say your phone has been lost or damaged. They will then ask the provider to activate a new SIM card linked to your number on a phone they own. If your provider believes the bogus story and activates the new SIM card, the scammer, not you, will get all your text messages, calls and data on the new phone.

The scammer, who is now in control of your number, could open new cellular accounts in your name or buy new phones using your information.

Or they could log into your accounts using text messaging using two-factor authentication to their advantage.

Why is it so dangerous?

Multi-factor authentication (MFA) can provide additional protection for your accounts. In addition to the password, you will need a second credential to verify your identity. It could be something you have, like a passcode you receive via text message, a security key, or an authentication app.

Armed with your login credentials, the scammer could log into your bank account and steal your money or take control of your email or social media accounts. And they could change your passwords and lock you out of your accounts.

SIM swap scams on the rise

According to the FBI, scammers are turning more often to SIM swap scams. The bureau reported that in 2021, the FBI received 1,611 reports of SIM swaps. The losses in these crimes topped $68 million.

From January of 2018 through December 2020, the FBI received just 320 SIM swap complaints, with the victims of these crimes losing about $12 million.

A recent example of this scam?

In January 2022, a Tampa resident found that he could no longer log into his account with Coinbase, a site that allows consumers to trade cryptocurrency. According to a story from WFTS in Tampa Bay, the man then discovered that he could no longer make phone calls or send texts with his smartphone.

Scammers stole the man’s phone number, intercepting his two-factor authentication code. The scammers then used this code to access his Coinbase account, emptying it of about $15,000 worth of cryptocurrency.

Something similar happened with another victim last year, as reported by CNET. According to the story, fraudsters used the victim’s two-factor authentication code, after stealing his phone number, to access his Coinbase account, using it to buy $25,000 worth of Bitcoin.

Signs that you’re the victim of a SIM swap

It’s important to recognize the warning signs of a SIM swap. Doing so can help you shut down fraudsters’ access to your phone—and all the texts and calls it receives—quickly, hopefully before they cause too much damage.

One warning sign, as seen in Dorsey’s case, is social media activity that isn’t yours. The tweets made to Dorsey’s Twitter account alerted him to the breach.

But here are four other key signs that you might be a victim of SIM swapping:

How can you protect against SIM swap scams?

Fortunately, there are ways in which you and your service providers can help protect against becoming a victim of SIM swap fraud.

• Online behavior: Beware of phishing emails and other ways attackers may try to access your personal data to help them convince your bank or cell phone carrier that they are you. Don’t click on links in email messages from people you don’t know. Remember, your bank, cable provider, credit card company, or other service providers won’t ask for your personal or financial information through an email message.
• Account security: Boost your cellphone’s account security with a unique, strong password and strong security questions and answers that only you know.
• PIN codes: If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it. It could provide an additional layer of protection.
• IDs: Don’t build your security and identity authentication solely around your phone number. This includes text messaging (SMS), which is not encrypted.
• Authentication apps: You can use an authentication app such as Google Authenticator, which gives you two-factor authentication but ties to your physical device rather than your phone number.
• Bank and mobile carrier alerts: See if your banks and mobile carriers can combine efforts, sharing their knowledge of SIM swap activity and implementing user alerts along with additional checks when SIM cards are reissued, for instance.
• Behavioral analysis technology: Banks can use technology that analyzes customer behavior to help them discover compromised devices, warning them not to send SMS passwords.
• Call-backs: Some organizations call customers back to make sure they are who they say they are—and to catch identity thieves.

SIM swapping is one reason why a phone number may not be the best verifier of your identity. It’s a breachable authenticator. Adding additional layers of protection could help keep your accounts—and your identity—safer.

Like this? "Sharing is caring!"