SIM Swapping: Protect Your Mobile Account

TL;DR

SIM swapping is a type of fraud where criminals transfer your mobile number to a SIM card they control, giving them access to your online accounts. It’s serious but preventable with strong security measures and awareness.

What is SIM Swapping?

SIM swapping (also known as SIM jacking) happens when someone convinces your mobile provider to move your phone number to a different SIM card – one controlled by the fraudster. They usually do this by pretending to be you, using stolen personal information.

How Can They Do It?

Criminals typically get your details through:

  • Phishing: Deceptive emails or texts asking for personal information.
  • Data Breaches: Information stolen from websites you use.
  • Social Engineering: Manipulating people to give up information (e.g., pretending to be a bank employee).

Once they have enough details, they contact your mobile provider and convince them to transfer your number.

What Can They Do With Your Number?

  • Access Online Accounts: Many services use SMS codes for two-factor authentication (2FA). With your number, they receive those codes and can reset passwords.
  • Financial Fraud: Access banking apps and make unauthorized transactions.
  • Identity Theft: Use your number to impersonate you.

How To Protect Yourself

  1. Use Strong, Unique Passwords: Use a strong, unique password for each of your online accounts. A password manager can help.
  2. Enable Multi-Factor Authentication (MFA): This is the most important step! Don’t rely solely on SMS-based MFA. Use authenticator apps like Google Authenticator, Authy or Microsoft Authenticator whenever possible. These are much more secure than text messages because the codes are generated on your device rather than sent to your phone number.
  3. PIN Your SIM Card: Set a PIN on your SIM card. This prevents someone from using it in another phone if stolen. Contact your mobile provider for instructions.
  4. Be Wary of Phishing: Never click links or provide personal information in suspicious emails or texts.
  5. Monitor Your Account Activity: Regularly check your bank statements and online accounts for any unusual activity.
  6. Contact Your Provider About SIM Security: Ask about extra security measures they offer, such as requiring a password before transferring your number.
    • Some providers require a physical ID verification in-store.
    • Ask if they have ‘SIM lock’ features.
  7. Be Careful What You Share Online: Avoid sharing personal information on social media that could be used to verify your identity.
  8. Report Suspicious Activity Immediately: If you suspect SIM swapping, contact your mobile provider and relevant authorities (e.g., Action Fraud in the UK) right away.

What To Do if You’ve Been SIM Swapped

  1. Contact Your Mobile Provider: Immediately report the incident and request they restore your number to your original SIM card.
  2. Change Passwords: Change passwords for all your important online accounts, especially email, banking, and social media.
  3. Report to Action Fraud (UK): Report the fraud to Action Fraud at https://www.actionfraud.police.uk.
  4. Contact Your Bank: Inform your bank about the potential for fraudulent transactions.