SIM swap scam: What is it and how to prevent it
Published: Aug 25, 2021
SIM swap scam at a glance
SIM swapping refers to the process of transferring your mobile number from one SIM card to another, say when switching mobile carriers or phone plans. The scam comes into play when a bad actor tricks mobile carrier employees into thinking that he is the rightful owner of the phone number, and requests a SIM swap.
If successful, the scammer will not only gain access to the victim’s calls and SMS, but potentially also his online accounts linked to the hijacked number—for example, via two-factor authentication (2FA). Sensitive accounts that might be linked to mobile numbers include bank as well as email and social media accounts.
Read on to learn the signs that your SIM has been hijacked, what to do if you’re a victim of the scam, and how to avoid falling prey to it.
Signs your SIM has been hijacked
It’s not immediately obvious when your mobile number has been hijacked, but here are some signs:
You cannot make phone calls or send SMS messages.
You cannot receive phone calls or SMS messages.
You are no longer connected to your mobile carrier (i.e. no cellular service).
You receive notifications from your mobile carrier that your SIM or mobile number has been activated elsewhere.
You receive emails or SMS messages about password reset requests for your online accounts that you didn’t make.
If you suspect you’re a victim of the SIM swap scam, act fast and contact your telco for further assistance.
What to do if you’re a victim
Contact your service provider if you haven’t, and inform them of the fraud.
File a police report for identity theft.
Alert your banks of the fraud and put your accounts and cards on hold.
As an extra precaution, change your bank account or credit card numbers and keep them separate from your phone number.
Tend to sensitive accounts first (like those tied to government services) and dissociate them from your phone number. For example, instead of SMS OTP (one-time password), use a hardware token for authentication.
Unlink other important accounts from your phone number, for example, Google or Apple accounts, or financial services like PayPal.
When scrubbing through your accounts, do not have confirmation codes or reset links sent to your phone number, as these will be sent to the scammer, not you.
Quick tips to avoid falling victim
Use a physical token or an authenticator app instead of SMS or phone calls for 2FA.
Avoid revealing too much personal information online, e.g. your phone number or full name.
Beware of phishing scams. Learn to spot the signs of phishing on Scam Watch.