SIM Swapping
Prevent being locked out of your phone and your money
SIM swapping is a new threat on the rise. Your mobile phone carrier can be tricked into transferring your phone number to a thief’s SIM card.
SIM swapping allows bad actors to take over your phone, intercepting your calls, messages, social media, and more. This is lucrative for criminals because most people's bank accounts use two-factor authentication (2FA) via text or call verification. Hijacking your phone can unlock your financial accounts since the verification will come directly to them.
THE HOW
Swapping can begin with email phishing. Scammers typically pose as your phone carrier, asking you to verify your account information. They can then use the info you provide to call your real carrier, pretend to be you and switch your account to their phone’s SIM card.
The initial indicators of a SIM-swapping attack are loss of signal and inability to make or receive calls or texts on your phone. You may even receive notification that your phone number is now on a new device. Take action if this happens by securing bank accounts, changing your passwords and contacting the authorities to file a report.
PUT A PIN IN IT
There are ways you can protect yourself. All phone carriers give you the option of adding a security PIN number to your account. The number is usually 6–15 non-sequential numbers long. You should only share this PIN with your carrier when you’re changing your service in person or over the phone. Your PIN number is an extra level of authentication to adjust your account. Carriers will never ask you to verify your PIN for any other reason, so keep it close to the vest.
AUTHENTIC ALTERNATIVE
For any sensitive accounts, research to see if you can opt to use app-based authentication or physical security keys, rather than SMS-based 2FA.
FREEZE TAG
Proactively freeze your credit with the three major credit bureaus to maintain security, unfreezing it as needed for financial transactions. If you are the victim of SIM swapping, report this to all three credit bureaus to put a fraud alert on your credit for the minimum of a year. Providing a police report can extend the fraud alert for multiple years.
OFF THE HOOK
Get in the habit of not clicking on any links in any email, especially if they’re offers or asking for account information. Email phishing is becoming more sophisticated by the day. Use your email for keeping current rather than taking action. If you get an email from your bank, rather than clicking a link, open a new browser tab and log into your account or give them a call.
THE OVERSHARE
Scammers scrape information on social media for unlocking your accounts’ security questions. Maiden names, birthplaces, schools and birthdays are all discoverable on most people’s social feeds. When selecting strong security questions for accounts, go for the more esoteric questions that people would have a more difficult time discovering.