SIM Swap Scams: How Attackers Hijack Your Phone and How to Protect Yourself
News and information from the Advent IM team.
- by Anthony Orjally
- Advent IM Blog
A SIM swap attack, also known as SIM swapping, SIM hijacking, or a port-out scam, is a type of identity theft where a fraudster convinces a mobile carrier to transfer a victim’s phone number to a new SIM card controlled by the attacker. By doing this, the attacker can take over the victim’s mobile number and intercept calls and text messages, including one-time passwords (OTPs) sent via SMS for two-factor authentication (2FA). This allows the attacker to gain access to the victim’s online accounts, such as banking, email, or social media.
How a SIM Swap Attack Works:
- Gathering personal information: Attackers collect details like the victim’s name, phone number, address, date of birth, and potentially account passwords. This information is often obtained through phishing, social engineering, or data breaches.
- Impersonating the victim: The attacker contacts the victim’s mobile provider, pretending to be the victim, and claims that their phone has been lost or stolen. They request the transfer of the victim’s number to a new SIM card.
- Executing the SIM swap: Once the mobile provider processes the request, the victim’s phone loses service, and the attacker gains control of the phone number on the new SIM card.
- Accessing accounts: With control of the phone number, the attacker can receive OTPs and reset passwords for accounts linked to the victim’s number.
Consequences of a SIM Swap Attack:
- Financial loss: Attackers may access bank accounts or conduct fraudulent transactions.
- Account takeovers: Fraudsters may gain access to personal email, social media, or cryptocurrency accounts.
- Identity theft: Criminals may impersonate the victim to commit further fraud.
How to Protect Against SIM Swap Attacks:
- Use app-based two-factor authentication (2FA) instead of relying on SMS-based 2FA.
- Add a PIN or password to your mobile carrier account for extra security.
- Be cautious about sharing personal information online.
- Monitor your phone for any sudden loss of service, as this could indicate a SIM swap in progress.