You may be receiving an increase in spam calls if your phone number is on the dark web or people search sites, if you’ve answered spam
Updated on July 31, 2024.
SIM swapping is when a cybercriminal impersonates someone in order to convince a mobile carrier to activate a new SIM card. A SIM card is a small card containing a chip that is given to you by your mobile carrier. When inserted into your mobile device, the SIM card gives you the ability to send and receive text messages and phone calls. When a cybercriminal successfully SIM swaps, they can more easily steal someone’s identity because they can now receive their text messages and phone calls.
Continue reading to learn how to tell if you’ve been SIM swapped and the steps you can take to protect yourself from this type of fraud.
How SIM swapping works
For SIM swapping to occur, a cybercriminal first gathers as much information about their targeted victim as they can. This makes it easier for them to trick the victim’s mobile carrier using social engineering tactics. Once they have the information, they call the victim’s mobile carrier and tell them they have lost or damaged their phone, which would mean their SIM card has also been lost or damaged.
Cybercriminals will often tell mobile carriers they already have another phone they can use and just need to activate a new SIM card. Once the carrier completes the request to activate a new SIM card, all of the victim’s calls and texts will go to the cybercriminal’s device.
What makes SIM swapping especially dangerous is that cybercriminals can receive phone calls from all sorts of organizations including your bank. When it comes to text messages, they’ll be able to receive password resets and multi-factor authentication codes – meaning they can access any of your accounts without necessarily even having to know your password.
How to tell if you’ve been SIM swapped
Here are a few signs that you may have been SIM-swapped.
You’re unable to make calls or send text messages
The most telling sign that you’ve been SIM swapped is if you suddenly lose access to your phone service. This means you’re unable to receive or make calls and unable to receive or send text messages.
You notice unauthorized transactions on your credit/debit cards
Another sign that you may have been SIM swapped is if after noticing your loss of service, you also notice unusual and unauthorized transactions on your credit or debit cards. Most cybercriminals’ objective when SIM swapping is to steal their victim’s money, so unauthorized transactions are a red flag.
Since cybercriminals now have your phone number, they’re able to bypass your bank account logins by using your phone number as a verification method.
Unauthorized security notifications
If you receive notifications such as your mobile carrier sending your authorization codes you didn’t request, this can be a sign that someone else is requesting them on your behalf. It can also be a sign that someone is in the process of swapping your SIM card.
Another notification you should be on the lookout for is one from your mobile carrier thanking you for activating your new device, particularly if you weren’t the one who requested it.
What to do if your SIM has been swapped
Here’s what to do if your SIM has been swapped to a cybercriminal’s phone.
1. Contact your mobile carrier
Contact your mobile carrier and explain that someone has ported your phone number to a SIM that you don’t have access to. If you can, try to give them a timeframe of when the SIM swapping could have taken place. You should also request the following from your mobile carrier:
- Ask them to disable your phone number so it no longer works
- Ask if you can have your phone number moved back to your SIM card – for security reasons, they may ask you to come into their store in person so they can verify your identity
- Ask them for a case ID number so you have proof of the encounter – you can also ask for the employee’s information for additional proof that you contacted them
2. Place a freeze on your credit report
There’s no knowing what a cybercriminal could have gained access to since they SIM-swapped you, so for additional security place a security freeze on your credit report. A security freeze, also known as a credit freeze, prevents creditors from accessing your credit report You can place a security freeze by contacting each of the three major credit bureaus: Experian, TransUnion and Equifax. Be sure to contact each bureau because freezing your credit at one bureau will not freeze your credit with the other two bureaus since creditors use different credit scoring models and it’s never clear which model a creditor will use. You’ll be able to remove the freeze at any time by contacting each bureau.
3. Change your passwords
Additionally, because SIM swapping could have allowed the cybercriminal to access your online accounts, it’s important to change your passwords immediately. The best way to quickly change your passwords is by using a password manager. A password manager will aid you with creating strong passwords and storing them securely. The only password you’ll need to remember is your master password. Keeper Password Manager offers a free 30-day trial that you can start using immediately.
How to protect yourself from SIM swap fraud
Here are a few tips you should follow to protect yourself from SIM swapping.
Secure your SIM card
The first step in protecting yourself from SIM swap fraud is securing your SIM card with a PIN.
Not sure how to add a PIN to your SIM card? Here’s how:
How to secure your SIM card on an iPhone
- Go to Settings
- Tap Cellular > SIM PIN
- Toggle the button next to SIM PIN to enable it
- Enter your mobile carrier’s default PIN which is usually “1111” (double-check with your mobile carrier before entering this default PIN)
- Once it’s enabled, tap Change PIN
- Enter the default PIN again, then enter the new PIN you want to use to unlock your SIM card
How to secure your SIM card on an Android
- Go to Settings
- Tap Security & Privacy > More security settings > SIM card lock
- Toggle the button next to Lock SIM card to enable it
- Enter your mobile carrier’s default PIN which is usually “1111” (double-check with your mobile carrier before entering this default PIN)
- Once it’s enabled, tap Change SIM PIN
- Enter the default PIN again, then enter the new PIN you want to use to unlock your SIM card
Enable MFA on your accounts
Multi-Factor Authentication (MFA) adds additional security to your account since it requires that you verify your identity with one or more authentication methods before you can successfully log in. If the wrong person were to gain access to your credentials, MFA would prevent them from being able to log in to your account since they wouldn’t be able to verify your identity.
When it comes to MFA, it’s best to choose an authentication method that is not SMS. SMS or text message authentication is easy for a cybercriminal to intercept, and even more so if you are a victim of SIM swapping. While SMS offers convenience, it’s not the best method to keep your accounts secure.
Instead of using SMS as an additional authentication, opt to use an authenticator app. An authenticator app is an application you install on your mobile device that generates Time-Based One-Time Password (TOTP) codes. When you enter the username and password for your account, you’ll have to input the TOTP code provided by your authenticator app before you can log in successfully. The code will be different each time – ensuring that your account stays secure.
If you want an even easier way to verify your identity, some password managers like Keeper® have a feature that enables you to store 2FA codes securely without having to rely on the device where you have your authenticator app installed. This means you’ll be able to access 2FA codes from any device.
Avoid sharing personal information online
Cybercriminals attempting to SIM swap do a lot of research before calling their victim’s mobile carrier. This includes googling them, checking their social media profiles or even sending them phishing emails or text messages that contain malware. By installing malware on their victim’s device, a cybercriminal can find out more information about the victim.
Because cybercriminals do a lot of research beforehand, it’s important that you never share too much personal information about yourself online. This makes it easier for cybercriminals to steal your identity, or in this case, swap your SIM card.
Use strong, unique passwords for each of your accounts
Each of your accounts should be protected with a strong password. Strong passwords are what help you secure your accounts, along with having MFA enabled. To make it easier to remember and generate strong passwords, we recommend using a password manager.
Avoid becoming a victim of SIM swapping
SIM swapping can lead to account compromise and in severe cases identity theft, making it important to learn how to keep yourself protected from this type of fraud. Securing your SIM and online accounts can make all the difference in keeping your identity safe.
Ready to protect your online accounts with Keeper Password Manager? Start a free 30-day trial today.