Language selection

Search

The SIM card swap scam: What it is and what you can do to minimize risk

Do you know about SIM fraud?

Smart phones offer many benefits, including convenience and easier communication. Many people feel they can’t live without them, and use their devices for banking, shopping, paying bills, account verification and to access social media.

As phones have become an integral part of our daily routines, they are also becoming increasingly attractive targets for malicious individuals. One relatively new way bad individuals are targeting people is through a type of fraud called the “SIM card swap scam” which aims to get access to individuals’ personal accounts, including email, social media and financial accounts.

How it works:

A SIM (Subscriber Identity Module) card is a thumbnail-sized chip that plugs into a person’s cellular phone. The card identifies the user and enables communications on a cellular network.

In this scam, fraudsters deceive a phone company into swapping a SIM card associated with one cellular phone to a new device, giving the fraudster access to all of a person’s phone calls and text messages. Basically, the fraudster has stolen a person’s cellular phone number.

There are two ways that this can happen. One way is to have a SIM card swapped to a different phone with the same service provider. The second way is through a process called “porting”, where a person’s cellular phone service is ported to a new device with an entirely different cellular service company.

When used for legitimate purposes, porting and SIM swapping are accepted processes that allow customers to switch between cellular devices or move from one phone provider to another.

Malicious individuals carrying out this fraud gather personal information about an individual, for example, on social media. Targeted information often includes a person’s birthdate, full name or address. They may also send a “phishing email” to a person’s email account in a bid to extract information.

Phishing is an email scam that lures you under false pretenses to click on links, documents or websites that look legitimate to get you to provide personal information. Such emails sometimes appear to be from recognizable sources such as banks or disaster relief organizations but are actually linked to fraudulent websites.

Once the fraudster has collected enough information about the victim, they can use that information to contact that person’s cellular phone provider in an attempt to impersonate them. If successful, they can claim that the victim’s cellular phone has been lost or stolen. Doing so could see the victim’s cellular services linked to a new SIM card and device controlled by the fraudster.

Many applications and online accounts are linked to email addresses or cellular phone numbers. Often those applications and accounts use text messages to authenticate a person’s identity. When a person tries to login, a text is sent to their cellular phone with a unique code. The account holder needs that code in order to access their services online.

Once fraudsters take over the victim’s cellular phone account, they have access to those codes. Using that information, they could gain control of a victim’s online accounts or request that passwords be reset or changed, locking the victim out. The fraudster could take over a person’s bank, social media, email or any other account that they have linked with their cellular phone number.

What are the signs you’ve fallen victim to a SIM card swap scam?

One of the first signs you may have fallen victim to SIM card swap scam is the sudden loss of cellular phone services, including the inability to make phone calls or send text messages.  

In order to take over a person’s account, the fraudster needs to move the cellular service to another SIM card and phone. That leaves the victim’s phone without service.

Some victims will also notice an unexpected text message from their cellular provider that says their cellular phone services are about to switched to a new provider.  

Should you notice anything suspicious about your phone, contact your cellular service provider immediately.

What you can do to mitigate the risk of falling victim to a SIM card swap scam:

  • Ask your service provider about additional security controls which can be placed on your account such as adding a PIN, a passcode, or port lock. A port lock can prevent your phone from being ported unless you can verify your identity in person. These steps will help prevent unauthorized parties from being able to access or move your cellular phone services.
  • Avoid sharing cellular phone numbers openly on social media and limit the sharing of any identifying details. This type of information can leave a person vulnerable, including to identity fraud or theft. Scammers can use information on social media in an attempt to impersonate a person.
  • Use unique passwords for each website, account, and device you use. Avoid obvious choices such as a mother’s maiden name, child’s name, pet’s name or any reference someone may be able to guess through information you have posted elsewhere.
  • Be aware of unsolicited emails that try to get you to provide personal information, even if they look legitimate. Do not open attachments or click on suspicious links that may be in those emails. If in doubt, contact the person or organization that purportedly sent it to you directly.
Date modified: