SIM swapping image

SIM Swapping: Have You Been Swindled?

When people think of SIM swapping, they may imagine a James Bond type of character in a form-fitting suit walking by a man at the blackjack table and slyly taking his phone to swap out the SIM. If that’s what you imagined, you would be incorrect. SIM swapping is much easier than that for data thieves — and they never need to make contact with you at all. Also known as SIM jacking, SIM hijacking and SIM fraud, SIM swapping is very real and you should know how to protect yourself and your company against this threat.

What Is a SIM Anyway?

SIM stands for subscriber identity module. It’s a small card that slips into your smartphone that identifies you to your mobile carrier. Without a SIM card, phones can’t make calls or send text messages. The SIM technology is what makes it possible for you to buy a new smartphone, pop in the SIM card and BOOM, your number automatically registers on the new device.

How Does Your SIM Get Swapped?

Here’s how it works: The scammer gathers information on you – generally from social media – and uses that information to impersonate you with your wireless carrier. They get the carrier to transfer your SIM ID to another device. They then attempt to log in to your other accounts (e.g., bank accounts) and steal your personal data.

A data thief doesn’t need to come near you – or your phone – to swap or hijack your SIM.

Want to know the scariest part? Once they have access to your SIM, any messages, warnings or multi-factor authentication (MFA) texts sent to your number are now seen on their phone. If successfully completed, your phone is disabled and can no longer make calls or texts on the cellular network (Wi-Fi calling may still be an option).

Would You Know If You Have Been a Victim of SIM Swapping?

If your SIM has been swapped to another device, it will automatically cease cellular data functions to your device. If you suddenly find yourself unable to place calls or texts, you may be a victim of SIM swapping. Other signs include:

  • Posts appearing on your social media accounts that are not yours.
  • Notification that your SIM is being used on another device from your carrier.
  • You’re unable to access your accounts (bank accounts, social media, financial applications).

If you think you have been a victim of SIM swapping, notify your bank, phone carrier and other organizations immediately. If your company has partnered with ArcLight Group, call us immediately so our IT service experts can work diligently to prevent hacks to your business accounts. If you think the scammer might have your Social Security number, credit card or other information, go to IdentityTheft.gov and take the necessary steps provided.

Protect Yourself From SIM Swapping

Protect yourself from SIM swapping with these six steps:

  1. Enable multi-factor authentication (MFA) on all your accounts. When you log in to your accounts from a new device or for the first time in a while, your account will require a code to authenticate you.
  2. Use an app (not SMS messages) to get authentication codes, such as Microsoft Authenticator (App Store / Play) or Google Authenticator (App Store / Play). The apps can be linked to multiple accounts and generate new codes every 30 seconds or so. Whenever you are prompted to enter a code to log in, a fresh code is available in the app for that platform.
  3. Make sure your cell phone account is using a unique, strong password (ideally with upper and lowercase letters, numbers and a special character).  DO NOT include any personal information in your passwords like your name or date of birth. These tips should also be used for all your passwords.
  4. Request that your carrier use a separate PIN code or passcode to make account changes. It is becoming more common for carriers to offer this option.
  5. Never give personal information to people who call, email or text you out of the blue. These can be phishing attempts to gain the data needed to breach your accounts (or convince your phone carrier they are you and swap your SIM). When in doubt, call the agency directly or go to their website. (Do not click email links in a suspicious email or text: They may take you to a site that looks legitimate but is actually part of the scam.)
  6. Avoid posting personal information on public sites, especially your full name, address and phone number.

Don’t Worry We’re On IT

With a new hack like SIM swapping or other types of cyber crime surfacing almost daily, it’s understandable to be concerned or feel like sticking your head in the sand. It doesn’t help that you may not be well-versed in what’s necessary to completely protect yourself and your assets.

At ArcLight, we’re always thinking about cyber security. Contact us so we can help you make sense of it all and wrap your company or practice in the protection it needs. 

Share the Knowledge

Brian Largent

Managed Service Provider CHECKLIST

Land on the best IT solutions partner for your needs with this easy-to-follow, one-page download.

Download the Checklist

Discover More IT News, Tips and Tricks From The Experts At ArcLight Group