SIM SWAPPING

Criminals will pose as an account holder and request a new SIM card. Once received, this allows them to effectively take control of the victim's phone. They can then access accounts which use passcodes sent to the victim's phone such as in SMS/call based two-factor authentication.

Attackers will initially use other compromised information to bypass a company's security checks and request the new SIM. This information may be gained from leaked information on the dark web, phishing emails, or malicious software installed on user devices.

ADVICE

Be on the lookout for warning signs. Suddenly losing all service could indicate that a criminal has transferred your phone number to a different device. Receiving random authentication codes could also be a sign that someone is trying to breach your online accounts. Contact your phone company and financial institutions to mitigate any potential damage if you suspect any of the above.

SMS based two-factor authentication is better than nothing, however it is better to use an authenticator app instead (e.g. Google/Authy). Using these apps will protect accounts against SIM swap attacks.

As mentioned, criminals may use other personal information to bypass security checks. Make sure that you are not exposing this sort of information on any of your online profiles. This information could be your phone number itself, or information such as your address / education / mother's maiden name / banking information etc.

Many phone companies will allow you to put a unique PIN on your account.Enable this for another layer of security.

Similarly, make sure that your bank accounts have as many security procedures enabled as possible. For example, in one of these cases, Voice ID prevented a criminal from draining a victim's bank account.

Make sure that you know how to defend against Phishing attacks looking to compromise personal information used to bypass security checks - see the NCSC's guide on this at https://www.ncsc.gov.uk/phishing

Following on from the above point, don't download potentially malicious apps from untrusted sources, these could also steal your personal information to enable SIM swapping.

Many accounts ask you to link your phone number to them. One alternative is to obtain and use a VoIP number (Voice over Internet Protocol), if possible. Since VoIP numbers operate over the internet, they are immune to being SIM swapped.

If you are a victim of SIM Swapping, report it to Action Fraud https://www.actionfraud.police.uk/.

By using this website you agree to our use of cookies to enhance your experience. I understand