You can take a few quick actions outlined in this guide to protect your smartphone from prying eyes and resume using your devices with confidence.
Attacks known as “SIM swaps” involve con artists switching your phone number from a SIM card you own to one they hold. Although there is no need for code to carry out this kind of fraud, it has a terrible impact on the lives of its victims.
What is SIM Swapping, and How Does It Work?
A dishonest method of obtaining someone’s mobile number is SIM swapping, also known as SIM jacking. It occurs when a criminal persuades your mobile service provider to change your phone number to a different SIM card, typically one they own. You will unavoidably lose if they are successful.
Despite what you might think, it’s not entirely impossible to carry out something this serious. If fraudsters have access to your personal information, they can switch your SIM from the comfort of their homes. The hacker does not require a high level of technical expertise, you are correct. It only takes a SIM card and a phone call to your provider.
The hacker should be well on their way to switching your line by the time they add in data from large-scale data breaches as well as your publicly accessible personal information on social media. With this information, cybercriminals can dupe mobile service agents into changing the SIM card number associated with your SIM card to one of their own.
A completed swap, meanwhile, disconnects your line, preventing you from reclaiming it until you go in person to the carrier and show identification as the account owner. It’s likely that by then a number of your accounts would have been compromised. It doesn’t matter what phone you use when SIM swapping—although the e-SIM only iPhone 14 may be less susceptible to SIM-swap attacks—since the entire transaction is handled by your carrier.
How to Enable SIM Swapping Protections
Mobile carriers must allow you to port your phone number to a new SIM card in accordance with federal law, and they may also be required to act quickly upon receiving a request. The Federal Communications Commission (FCC) has however proposed new regulations that would compel carriers to add additional security features, like the use of pre-established passwords, before porting numbers, in response to the rise in SIM swapping scams.
To help protect you from SIM swapping and unauthorized porting, the three major phone carriers already provide a few options that you can enable. If you share a plan with others, you may need to enable these separately for each line:
AT&T
You can add a passcode to your account by logging in to your AT&T account and going to the “Manage Extra Security” section. This passcode must be entered in order to manage your account either online or in-person. Before you can port your number to a different carrier, you might also need to request a Number Transfer PIN. You can do this from the myATT app, your online profile, or by calling *PORT.
T-Mobile
With the help of T-Mobile’s Account Takeover Protection, nobody else is able to port your number to another network. To activate the feature, get in touch with T-Mobile and let them know who is paying the plan’s bill. Additionally, in order to port any of the numbers associated with the account, the primary account holder may need to use the T-Mobile app or website to obtain a Number Transfer PIN.
Verizon
Verizon’s Number Lock will prevent the porting of your number until the lock is removed. You can also create an Account PIN, which you’ll use to prove that you are the account owner. Before porting a number to a new carrier, an account owner or manager must request a Number Transfer PIN. In addition to requesting a Number Transfer PIN by dialing #PORT, you can enable and disable these security features from your online account or through the My Verizon app.
What Do Fraudsters Stand to Gain from Swapping Your SIM?
Many necessary services are accessible through your SIM card. You use it to receive calls and texts, and for two-factor authentication (2FA) requests, it’s probably connected to your bank, email, and social media accounts. Fraudsters could log into these accounts and empty them if they had access to your SIM and, consequently, your profiles. They can also access your contacts and con your friends and family.
What About Two-factor Authentication?
Internet security can be improved by using two-factor authentication (2FA). With 2FA, you must first enter a temporary code before being granted full access to your online accounts rather than using a password to sign in. It is popular because of the added security it offers, which prevents hackers from accessing your accounts unless they have control over both your phone and password.
However, the system’s strength also contributes to some of its weaknesses. The entry point is whoever has your card or phone because authentication codes are typically sent via emails, mobile numbers, and authentication apps. Contrary to fingerprint or face IDs, which demand your physical presence, this does not. When they gain access to your mobile device or SIM card, cybercriminals take advantage of this vulnerability because they are aware of it.
What’s Being Done?
To stop SIM swapping, carriers and the government are collaborating. The FCC stated that it was creating regulations to combat SIM swapping and port-out fraud in October 2021. While that is being developed, T-Mobile has already put some internal protocols into place to enhance the system. Instead of just one manager’s approval, changing a SIM card now needs SMS confirmation from two carrier employees. Although it’s not perfect, it’s a positive step.
What Are the Signs of SIM Swap Fraud?
The sooner you change your accounts back during a SIM swap, the better. In case you are being attacked, call your cellular provider right away if you see any of the warning signs listed below.
- You are unable to access the online accounts on your phone.
- Even with good reception, your phone loses service or you are unable to receive calls or texts.
- You get notifications from the phone service for actions you didn’t perform.
How to Prevent SIM Swapping
A SIM swap could cost you dearly. The best course of action is to take preventative measures to keep from becoming a victim in the first place. These actions will help you stay safe.
1. Protect Your Phone and SIM
The majority of smartphones come equipped with a variety of security features, including PINs, passwords, patterns, fingerprint scanners, and facial recognition. The latter two are features that come as standard in modern gadgets, allowing them to increase security further.
It’s important to safeguard your physical SIM in addition to your phone. When you restart your device, you must enter the PIN code you set to lock it. You should be able to create a PIN in the Settings section of your Android or iPhone device. Just be careful not to use your birthday or the birthday of someone dear to you.
2. Lock Your Phone Number With Your Service Provider
To prevent your mobile number from being transferred without your consent, many network service providers offer Port Freeze or Number Lock. Once activated, it is impossible to port your number to a different line or carrier unless you unlock the lock, either by entering a PIN or physically entering the store. It’s a great way to strengthen your SIM protection if your carrier permits this feature.
3. Use Strong Passwords and Security Questions
Stop using your birthday or middle name as a password if you still do. Use a strong password that is virtually impossible to decipher. A minimum of 12 characters, including capital and lowercase letters, numbers, and special symbols, should be included in a password. Additionally, it’s a good idea to use unique passwords for every account to prevent data breaches that affect multiple accounts from happening simultaneously.
How do you keep track of so many passwords, though? You should instead keep them in one of the many password managers that are readily available. In addition to passwords, some services allow you to create security questions. In that case, choose questions that even close friends would find difficult to answer.
4. Turn on Two-factor Identification
2FA is another way to add an extra layer of security to your accounts. Log in to websites that support 2FA, like Google, turn it on, and that’s all there is to it. By removing the danger involved with SMS-based authentications, you can increase security. Instead, whenever possible, use 2FA tools like Google Authenticator or Authy.
5. Enable Biometric Authentication on Your Device
PINs, passwords, and two-factor authentication are excellent security measures. However, because they depend on your physical presence to function, face and touch IDs provide a level of protection that is higher than those.
Use mobile services and applications that support two-factor biometrics whenever possible. This will prevent thieves from getting past the biometric security even if they obtain your phone number.
6. Limit How Much Personal Information You Share Online
Fraudsters can impersonate you by using even the tiniest details to trick your carrier. Therefore, refrain from sharing your complete name, address, phone number, and date of birth on open platforms. Also, avoid posting too many personal details on social media, such as the name of your pet, where your best friend is located, and what your favorite food is. They may have been asked as part of some online identity verification security questions.
7. Be Wary of Phishing Emails, Texts, and Calls
In terms of age, phishing predates the internet. It is a form of social engineering that is frequently used to obtain login information, credit card information, and other user data. Phishing typically involves criminals pretending to be representatives of reputable organizations, such as banks, government agencies, and medical facilities, in the hopes that you won’t hesitate to respond to their inquiries or carefully review their emails because you believe these entities to be reliable.
However, reputable medical practices, the government, and banks never request your personal information online. Even if they seem legitimate, hang up or delete any such calls or messages if you receive them. To confirm the outreach, you can reach out to the organization at any time.
Other Ways to Protect Yourself from SIM Swapping
Enabling the security features through your carrier could be a simple way to keep your phone number safe, but there are also additional steps you can take to help protect yourself and your accounts from an attack:
- Try to use multifactor authentication that isn’t SMS-based. You can enable MFA on some accounts without relying solely on text messages. For instance, you might be able to substitute a fingerprint or face scan for a texted code by using an authenticator app, hardware token, or other device that generates codes. Then, even if your number is stolen, the new owner won’t be able to access your account or change your password.
- Be careful not to share any of your private information. If the attackers want to call your carrier pretending to be you, they will need your personal information. To find out what is online, perform a free privacy scan. Then, research how to have your information removed from people search websites.
- Avoid making online posts about your possessions. Talking about your online retirement savings or cryptocurrency holdings could make you a target.
- Attempts at social engineering should be avoided. Fraudsters may try to con you into giving them personal information so they can sell it or use it to swap your SIM card. They might pose as a customer service agent, for instance, who requests confirmation of your name, address, and other personal data. Beware of these phishing, smishing, and vishing attacks, which are sent via email, text, or call, respectively.
Final Words
You can feel more secure about the security of your smartphone, cellphone number, and online accounts with just a few easy steps. Consider registering for an identity theft protection service like McAfee Identity Protection Service if you’d like additional peace of mind. In comparison to other monitoring services, McAfee typically detects suspicious activity ten months earlier. Sim swapping and other identity theft schemes must be stopped as soon as possible. Your confidence in your online activities can be restored with the help of an identity protection partner.
