What is SIM Swapping?

SIM swap fraud is becoming an increasing concern across the United States and other countries with high smartphone penetration rates. These subtle attacks on mobile phones often go unacknowledged until it is too late, especially when people are unacquainted with the potential indications to be aware of. As they can be so financially and socially damaging—and challenging to recover from—it is essential to understand how these attacks work and how to prevent them.

What is a SIM?

A subscriber identity module (SIM) is a small chip card that activates calling, texting, and data services in a mobile phone. Each SIM card has unique identifiers associated with just one mobile account. Because of these distinctive details, removing a SIM card from one phone and putting it into another automatically transfers that card’s mobile services to the new physical device. However, phone companies can also transfer these unique identifiers to a new SIM card, for example, if the original is lost. Because of this, mobile devices are vulnerable to a particular type of attack called SIM swapping.

What is SIM Swapping?

There are many names for this type of attack—it might be referred to as a SIM swap fraud, or SIM hijacking. But each name refers to the same thing. It is when a SIM scammer gains control of a phone number by assuming the victim’s identity and persuading their mobile service provider to port the number to a SIM card that is in their possession. Once they have this, they can also pass any SMS-based two-factor authentication processes for accounts associated with that number, gaining complete control over the phone and accounts in question.

With this, the attacker can potentially gain access to text messages, emails, contact lists, bank accounts, and social media profiles among other private and confidential information. Usually, the main goal of SIM swap fraud is monetary, with the hackers using access to credit card information, bank accounts, and even cryptocurrency wallets, for financial gain. This has become such a problem that the FBI estimates that scammers were able to steal US$68 million in 2021, a substantial increase on the US$12 million that was stolen between 2018 and 2020.

In some cases, though, attackers might perpetrate a SIM swap fraud with other aims. For example, they may wish to exploit the victim’s social media accounts, sell access to the phone number and linked accounts on the black market, or extort the owner into paying to regain access to their number.

How does SIM jacking work?

SIM cards use unique user data to connect to local mobile networks. If this data is transferred to a new SIM card, the original will no longer work and all carrier-facilitated calls, texts, and internet will instead be transferred to the new card. This is essentially what happens with SIM swapping.

Usually, the scammer begins by amassing personal information about the owner of a phone account. This can be done in several ways, such as buying the information on the black market or collating the information from social media profiles. Often, the attacker will first use a phishing scam, where they impersonate a phone service provider and send the account owner an email. The email will usually have a link to a website where the victim is asked to enter information such as their birthdate, passwords, and perhaps Social Security number. This is then delivered to the scammer.

Then, the attacker can go to the phone company the account is registered to and use the information they have gathered to convince the carrier that they are the account holder. Once the identity has been “verified”, the attacker can claim to have lost the original SIM card and ask the carrier to “port” the number to a new card that is in their possession. Once this has taken place, the fraudster has control over the phone and can intercept phone calls and text messages. This includes authentication codes that can be used to access bank accounts and social media profiles, for example.

Although it is less common, there is another way that fraudsters can perpetrate a SIM hijacking. In this less common scenario, an employee of the mobile service provider might work directly with the attacker, providing information and helping to “port” the number to their SIM card of choice.

What are the signs of a SIM swap attack?

The signs of a SIM swap are often quite easy to identify and will usually become obvious soon after the attack. These are just a few things to look out for:

• Strange notifications: In the early stages of a SIM swap fraud, the phone in question may receive texts or calls about an unexpected change to the service. If this happens, it is best to speak to the service provider immediately to find out what actions have been taken.
• No phone service: If the phone in question suddenly has no service—it cannot make or receive calls or texts, for example, or has no data service when it should—then it is possible the SIM card has been deactivated. The service provider can confirm whether a swap has occurred or there is simply a temporary problem.
• Unusual social media posts: If the owner of a social media account notices posts on their profile that they did not create, it is possible that a SIM jacking scammer has taken control of their accounts.
• Account lockouts: A sudden inability to access bank accounts, social media profiles, or emails can indicate that these accounts have been taken over in a SIM swap fraud.
• Unexpected transactions: SIM swap scammers may quietly make transactions through the financial accounts associated with a phone number. Suspicious transactions on bank or credit card account statements can be another sign of SIM swapping.

What to do when a SIM swap fraud occurs

Despite how many measures are taken to prevent SIM swapping, these kinds of attacks are happening with increasing frequency. When a SIM jacking happens—or even if it is simply suspected—the best thing to do is speak directly with the service provider for the phone number in question. They will be able to explain if any changes have recently been made to the account, or completely deactivate the phone account and SIM card if they confirm that a SIM jacking has taken place.

It can be worth ensuring you have access to a backup mobile device, as in the event of SIM swap fraud you may lose signal on your primary device, and being able to quickly contact your service provider is of the utmost importance in these attacks.

What role does social media play in SIM swap fraud?

With millions of people using social media these days, having a personal Facebook, Instagram, or TikTok account seems like a relatively innocuous proposition. Unfortunately, it may not be quite as safe as most people assume. SIM hijacking relies heavily on assembling as much personal data about an individual as possible, and social media profiles are rife with information that can help a scammer successfully execute a SIM swap.

Scammers often sift through social profiles to find clues that can help them hijack phone accounts. For example, they may be able to find a pet’s name in an Instagram post or the name of someone’s high school in their Facebook groups. If these are then used as passwords or answers to security questions, the scammer could potentially use this to complete a SIM swap or take over accounts on a SIM they have access to.

Another factor to consider is that sometimes, these SIM attacks are carried out specifically to take over someone’s social media account and create malicious posts which can cause problems or embarrassment for the individual involved. This was the case in 2019 when former Twitter CEO Jack Dorsey was the victim of a SIM swap and the fraudsters uses Cloudhopper’s text-to-tweet function to send offensive messages through Dorsey’s Twitter account from his phone number.

How to prevent SIM swapping

It might not be practical to go without a phone, but there are some less extreme measures that can be taken to avoid SIM swap fraud. Here are our top tips for avoiding these attacks:

1. Use smart online habits: Adhere to the basic rules of online safety. Be wary of phishing emails, following suspicious links, or providing any sensitive personal data online. Most service providers will not ask account owners to provide details such as bank details or social security numbers by email.
2. Secure phone acc ounts: Most phone companies will let account holders enhance the security of their phone accounts by setting unique passwords, PIN codes, and security questions that they will ask when the owner wants to make changes to their account.
3. Use authentication apps: When securing accounts with two-factor authentication, try using secure apps instead of a phone number. These tie the authentications to the physical phone device instead of a number, reducing the chances of SIM hijacking.
4. Ask for call-backs: Where banks or mobile service providers offer this, it can be useful to ask them to always call the number registered with the account in order to make changes—this could stop a SIM swap fraud from being completed.
5. Avoid linking accounts to a phone number: If possible, use different ways to set up and authenticate accounts. This way, in the event of a SIM swap fraud, the hackers will have less access to fewer accounts.

In some countries, you need to use a photo ID to buy and register a SIM card. In this case, service providers should not allow anybody to make changes to your phone number without seeing evidence of identification.

SIM swap fraud: A preventable attack

SIM swapping can create many financial and social difficulties for those who fall victim to these malicious attacks. To avoid succumbing to a SIM jacking, it is crucial that phone users take steps to protect their devices. From implementing security measures with their phone company and limiting how many personal accounts are associated with their number, each can prove useful to prevent a SIM swapping attack.

Frequently asked questions about SIM swapping

What is a SIM swap attack?

Essentially, SIM swapping is when a fraudster takes control of a phone number by having it “ported” onto a new SIM card that they have access to. By doing this, the scammer can potentially use the phone to access accounts that the victim has linked to the number, such as bank or credit card accounts or social media profiles. Because the goal of SIM jacking is usually financial, the attacker usually targets the victim’s bank accounts and credit cards. Sometimes though, the goal is to take over the victim’s social media profile with malicious intent, as was the case of the SIM swap fraud perpetrated on former Twitter CEO Jack Dorsey.

How does SIM swap fraud work?

There are several steps to perpetrating a SIM swap. First, the attacker will gather personal information about the intended victim. They might do this by buying the information, collating it from social media accounts, or using phishing attacks. With this information, the scammer can impersonate the victim, claim they have lost their phone, and persuade the victim’s phone company to “port” their number to a new SIM card. By doing this, the fraudster can intercept phone calls and messages, including those that might offer authentications to access certain accounts. With these, the attacker could access the victim’s bank accounts and social media profiles, for example.

How can you prevent SIM swapping?

To avoid a SIM jacking, phone owners can implement simple security measures like setting up PINs and security questions with their phone companies or using standalone authentication apps instead of two-factor authentication linked to a phone number. It can also be helpful to use smart online habits—such as being wary of phishing emails—and limiting how many personal accounts are associated with a phone number. Phone owners should also be vigilant, keeping a look out for the signs of SIM swaps, such as unexpected bank transactions and unusual social media activity.

Kaspersky Endpoint Security received three AV-TEST awards for the best performance, protection, and usability for a corporate endpoint security product in 2021. In all tests, Kaspersky Endpoint Security showed outstanding performance, protection, and usability for businesses.

Further reading:

• Android mobile security threats
• Mobile phone security: How to make sure your phone is secure
• Everything to know about phone number spoofing
• Avoiding cell phone spyware infestation

Related Products and Services:

• Kaspersky Home Security
• Kaspersky Lightspeed VPN Security