What is SIM swapping & how does the hijacking scam work?
SIM swapping, also known as SIM splitting, simjacking, or SIM hijacking, is a technique used by fraudsters to get control of your phone number. With your phone number, hackers can take advantage of two-factor authentication to gain access to your bank accounts, social media accounts, and more.
To understand SIM swapping, you first have to know how two-factor authentication and SIM cards work.
Security experts recommendtwo-factor authentication to protect your online accounts, but it isn’t a perfect system – a third party with your phone number could bypass it. Two-factor authentication alone doesn’t 100% protect your accounts from getting hacked.
Setting up two-factor authentication for an account typically entails providing your cell phone number, so that you can receive unique codes to use each time you log in after entering your username and password. The code may also be sent to your email. Since two-factor authentication has become so common, hackers now have another challenge to gaining access to your information – they now need to get your cell phone number, too.
What is a SIM card?
“SIM” stands for “subscriber identity module.” A SIM card is a tiny chip inserted inside your cell phone. Your SIM card has a unique string of numbers assigned to it that identify the user, mobile carrier, and country of the cell phone. SIM cards are also connected to your phone number.
Microsoft Defender
Stay safer online with one easy-to-use app1
1Microsoft 365 Personal or Family subscription required; app available as separate download
To get your phone number, scammers must contact your mobile carrier and convince them to transfer your phone number to one of their own SIM cards. But mobile carriers don’t transfer cell phone numbers just because someone asks – they require more information to do so.
Fraudsters often use social media to collect personal information they could use to answer security questions to gain access to their target’s account. For example, your birthday, your mother’s maiden name, and the high school you went to are common security questions that a third party could easily get the answers to by browsing your social media.
Another way scammers can gather your personal information is through phishing. Phishing is a form of social engineering where attackers impersonate a trusted institution or individual to get you to share your personal information. For example, scammers may send an email that appears to be from your phone carrier, asking you to keep your account information updated. To do so, they may ask you to click a link and log in, and capture your information in the process. These convincing emails trick victims into sharing personal information like their birthday, password, account number, and more.
Sometimes, scammers even purchase victims’ personal information from sellers of leaked and stolen data on the dark web.
Once the scammers gather your information, they will contact your mobile carrier. If they can successfully answer your security questions, their next step is to get your phone number transferred to their SIM card. Then, they can get into your online accounts using authentication codes sent to your phone number, which they now have control over.
SIM swap detection
You can’t send or receive text messages or make phone calls
Being unable to send or receive text messages or make or receive phone calls is a telltale sign that you’re a victim of SIM swapping. This is because scammers are now in control of your phone number.
Losing phone service
If your phone is giving you a “No Service” or “Searching” message, that is another way SIM swapping can be detected.
You’re notified your phone number is on a new device
For security purposes, mobile carriers often notify their customers when their SIM card or phone number was activated on a new device.
Strange activity on social media
If you’re noticing unusual activity on social media accounts, that may be the result of SIM card hacking. Hackers may use SIM swapping to get into your social media accounts to impersonate you and scam your friends or family members for money.
You can’t access your accounts
Hackers often change your login credentials immediately so they can take full control over the account.
You notice unusual bank activity
If you notice purchases, wire transfers, or withdrawals that you don’t recall making, your SIM card could have been hacked. Gaining access and using victims’ funds is often the ultimate goal for SIM swappers.
How to protect yourself from SIM swapping
Follow these tips to secure your SIM card, as well as your personal information, to prevent SIM hijacking.
Use the internet wisely
Fraudsters will use phishing techniques to steal your personal information. It’s important that you get to know these techniques.
Don’t click on links from people you don’t know. Organizations like your phone carrier or bank will never ask for your sensitive information via email.
Additionally, you may want to consider making your social media accounts private. Avoid sharing too much personal information that scammers can use to impersonate you online.
Update your account security
Some mobile carriers allow their customers to set up a special PIN number that must be entered to make changes to their accounts. If your mobile carrier allows this, it’s wise to take them up on it. Don’t make your PIN number something obvious that a hacker could figure out, like your birthday. You also may want to create a stronger password for your cellphone’s account, and choose more difficult security questions and answers.
Use an authentication app
Authentication apps use two-factor authentication that is linked to your device, rather than your phone number—so if you’ve got your phone, this form of authentication is still protected even if a hacker’s able to intercept your calls and texts.
Sign up for alerts
Check to see if your mobile carrier offers extra alerts for events like a phone number or SIM card change. If your mobile carrier gives you that option, you should turn on the notifications.
Your phone number and SIM card are used for more than just keeping in touch with your friends – they’re also play a huge role in your online security. Now that you’ve read all about SIM swapping, you’ve taken a huge step in protecting your personal information.
Get started with Microsoft 365
It’s the Office you know, plus the tools to help you work better together, so you can get more done—anytime, anywhere.
Identify and stop a CEO fraud attack with these tips. Learn how this scam, sometimes known as whale fishing, is aimed at company executives and how to master CEO fraud detection.
Recognize questionable behavior on social media such as off-putting and automated messages. Learn why this behavior may be a sign of social media bots and other indicators.