What is SIM Swap? Understanding and Preventing Fraud

A SIM Swap is a cyber attack where an attacker hijacks a victim's mobile phone number by convincing the carrier to switch the victim's phone service to a SIM card controlled by the attacker. This scam, also known as SIM jacking, SIM swapping or a port-out scam, allows fraudsters to bypass security measures like two-factor authentication, leading to unauthorized access to the victim's personal and financial accounts.

---

SIM swap scams exploit the mobile phone number as a security loophole, which is often used as a method for identity verification by various services, including banks and social media platforms. By controlling your phone number, attackers can receive text messages and phone calls meant for you, intercepting any codes or verification prompts sent via SMS.

1. Information Gathering: Attackers gather personal details about the target through social engineering, phishing, or by purchasing data from the dark web.
2. Impersonation: Using the acquired information, they contact the victim's mobile carrier, pretending to be the legitimate account holder, claiming a lost or damaged SIM, and request a transfer of the phone number to a new SIM card that they control.
3. Account Takeover: Once the number is ported to a new SIM, attackers can bypass SMS-based two-factor authentication, reset passwords, and access sensitive accounts without the victim's knowledge.

• Loss of Cellular Service: One of the first signs of a SIM swap scam is the sudden loss of service as the phone number is activated on another SIM card.
• Unexpected Requests: Receiving unexpected security codes or notifications of password changes.
• Account Lockouts: Being locked out of your online accounts, especially banking and email, can indicate that attackers have changed your passwords.

• Reduce Data Sharing: Minimize the sharing of personal information on social media and other online platforms that can be used to answer security questions or impersonate you.
• Enhanced Security Measures: Use multifactor authentication methods that do not rely solely on SMS, such as app-based tokens or hardware security keys.
• Regular Monitoring: Regularly monitor your financial and social accounts for any unauthorized changes or transactions.

---

Contact your mobile carrier immediately to regain control of your phone number and inquire about any recent changes to your account without your authorization.

Set up additional security measures with your carrier, such as a unique PIN or password that is required to make any changes to your account settings.

Employ other multi-factor authentication methods like passkeys, authenticator apps (e.g. Google Authenticator) or hardware security keys (e.g. YubiKeys) that provide a higher level of security compared to SMS-based methods.