SIM Swapping:

How to recognize an attack and what to do about it

Sim swapping is a fairly new type of identity theft. It occurs when a scammer tricks a victim’s phone carrier into transferring their phone number to another SIM card, without the victim’s knowledge. This allows the scammer to take on the victim’s online persona, including their social media accounts and email addresses. In this post, we will look at how you can identify whether you may have been compromised by SIM swapping and what steps to take if it happens.

What is SIM swapping?

As we mentioned above, scammers use various tactics to fake the victim’s identity and get their phone company to switch your number to a different SIM. Depending on how much security information they are able to find or get out of you, this allows the scammer to assume your online persona and access your social media profiles and email.

From here, they can try to cross reference multiple accounts to find out your password and login information to gain further access to more vital information within financial accounts, medical records, online shopping, subscriptions, memberships and much more. This happens especially if your passwords or pins are simpler, like your birth date, zip code, street address or other easy to obtain pieces of information.

How to know if you’ve been compromised

In determining whether you’ve been a victim of sim swapping, there are a few things you need to look out for. First, it’s important to recognize the signs even beforehand, to know if you’re being targeted. If someone is asking for sensitive information about you, they may be looking for a way in. The scammer may ask for your social media login credentials or personal information, like your home address or bank account number. 

Email phishing scams are still very common. Often, hackers also make use of fake login pages, apps with spyware & keyloggers, false ads, and malicious attachments, in order to gain access to your accounts. Once they have that, all it takes is knowledge of your phone number and some personal data to execute a SIM-swap attack.

Early warning signs that you may have been hacked include both phone service changes and security access updates, neither of which you asked for. If you find that certain aspects of your phone service have been changed without warning or that you’re receiving emails, texts or any messages mentioning recent changes to any of your security settings without your permission, you may have been compromised.

Also, pay attention to your social media accounts. If any biographical info has been changed or there appear to be posts, messaging, or communication of any kind using your account that you did not post yourself, it could be a sign of SIM swapping.

The dangers of SIM swapping

You cannot send or receive texts and phone calls: If your account has been swapped out to another sim, your phone is rendered inert, leaving you without service until the problem is fixed. This means loss of connection with family and friends, and difficulties with work if you depend on your phone to handle a lot of your professional communication.

Inability to use the apps on your phone: If you find that you are suddenly signed out of all your app accounts or that your login credentials no longer work, this is a strong sign you may have been a victim of SIM swapping. This is a huge hassle, not only because we enjoy using our entertainment apps, but some apps help us stay organized, keep track of our schedules, contain personal or work-related materials, and allow us to function more efficiently.

Social Media Invasion: Imagine going online to use Facebook, Twitter, LinkedIn or any number of social media apps, and finding out, either by looking or from a friend, that someone has hacked your account. They may be sending out messages to others using your identity, phishing for private information from your friends, family, and colleagues, and deleting parts of your info while inserting things that should not be there.

Think about the kind of damage this can cause between you and others, offensive messages, confusing or combative communications, polarizing political or ideological rants, or requests for others to share personal or financial information, all this done under your name and account. It can be a nightmare to backtrack and try to let everyone know of the breach and false messaging.

If it appears your account has been accessed and changed, update all your security info immediately, including usernames, passwords, and security questions. If you need to pause or shut down your account temporarily while you figure things out, feel free to do so in order to protect your information and your reputation, as well as the privacy of others in your network.

Unauthorized Bank Activity: SIM swapping can sometimes lead to damaging financial activity. This means not only your profile or access info being changed, but the theft of your money and changes to your investments. Banks and other financial institutions are generally good about responding quickly to suspicious activity. However, if their messages to you are intercepted by the scammer, significant damage can happen before you realize that something has taken place.

What to do if you suspect it has happened

If you suspect that your phone number has been swapped out, contact the carrier that issued your SIM card. They may be able to provide immediate help with filing an official complaint. Also, work with your carrier to get a list of the mobile numbers associated with your account. If they cannot provide this information, then contact the Federal Trade Commission (FTC): 1-877-382-4357. 

Discuss options with your provider to stop any outside access currently going on and change all access info to your social media and email accounts. Take every precaution and communicate with online contacts once you’ve changed your login information, to let them know a violation has occurred, if there have already been messages or posts sent by someone who has assumed your identity. 

If it appears that something has happened, in addition to changing all access information, check financial statements as well, and let each company know that a breach has taken place, so they can act accordingly to protect you from further damage and protect others from similar attacks.

How to protect yourself in the future

Unfortunately, there is no way to completely prevent yourself from being a victim of SIM swapping. However, there are steps you can take to protect yourself in the future.

Update security information frequently: Don’t go too long with the same usernames and passwords. Schedule regular times throughout the year for you to change all usernames, passwords and security questions in your accounts. This will make it more difficult for others to gain access. Also, use more complex passwords. Avoid using information that is much easier for scammers to find out, like birth dates, addresses, zip codes, family names and other easy to discover info. 

Don’t share personal or financial data online: Avoid sharing these through phones, computers and other devices because of any messages you’ve received. When entering financial or personal info for your own purposes, such as with online shopping or banking, always keep your actions away from the eyes of others. Be careful not to do this in a public place like a coffee shop, where you never know who might be watching or recording your activities. And monitor your account regularly to verify accurate activity.

Never open messages, emails, or ads that seem suspicious. They often contain malicious attachments, viruses, or requests for personal information. Legitimate companies do not contact individuals asking for financial or payment info or random updates to your security settings. If you think a message might be a legitimate contact from a service provider, call them to verify whether this is so and to report the message.

Conclusion

SIM swapping has become a very common way for cybercriminals to gain access to personal information and steal identities. These kinds of hacks often lead to significant damage to individuals’ social media, relationships, public reputation, identity, and finances.

While these attacks cannot be entirely prevented, you can take steps to increase your level of safety by not sharing private information online, never opening suspicious messaging or ads, updating your security and login info frequently, and checking your accounts periodically for any suspicious activity. 

Make sure to report contacts that pose as legitimate companies and report any violations you may have suffered to service providers and to the Federal Trade Commission. Keep your important information private and be careful what you share or view on your devices in public. 

Also, if you are a small business owner, it’s that much more important to protect yourself. It may not be just your personal profiles, but access to business assets that is at risk. Discuss your options for better security with your IT team or a trusted IT specialist who can guide you toward better protection measures and greater privacy.

Tech Masters takes your privacy and security seriously. As a small business owner, you count on the privacy of your company’s data, your partners’ information, and that of your valued customers, to be protected 24 hours a day. Contact Tech Masters today for a comprehensive IT and security assessment and discover the many ways we can help protect your most important data.

For quick information about SIM swapping scams, check out our frequently asked questions and answers below.

FAQ

What is SIM swapping?

Sim swapping is a digital scam, a form of social engineering that seeks to gain access to an individual’s private accounts and profiles by posing as the owner/user, and moving your phone number to another SIM card. This gives them access to a range of private information, financial data and applications.

What are the dangers of SIM swapping scams?

SIM swaps can leave you vulnerable to social media identity theft, where scammers can assume your identity, write messaging that isn’t your own, and try to press your friends, family and professional contacts for their personal information. SIM swaps can lead to financial losses, loss of private or business data, and damaged relationships with those in your community.

What can I do to protect myself against SIM swapping?

While there is no way to completely protect yourself from SIM swap scams, there are measures you can take to diminish your risk. Don’t ever share private or financial information online at the request of others. Don’t open suspicious ads, emails or texts. Frequently change your usernames, passwords, and security questions and check your apps and accounts often to make sure no unauthorized or suspicious activity has taken place.