What is SIM Card Fraud?

SIM swapping, or SIM hijacking, occurs when attackers take control of your mobile number. They trick your cell phone provider into transferring your number to their mobile device and use your phone number to access your other accounts.

According to the FBI over $68 million was lost to SIM card fraud in 2021. A SIM swap can be particularly devastating because many internet services—including email, online banks, and online shopping websites—rely on mobile phone numbers to help users recover account access if they forget a password. “Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number,” the FBI added. 


How Does SIM Card Swapping Happen?

It’s Not That Hard…

SIM swapping happens when scammers contact your mobile phone’s carrier and trick them into activating a SIM card that the fraudsters have. Once this occurs, the scammers have control over your phone number. Anyone calling or texting this number will contact the scammers’ device, not your smartphone.

This is known as SIM swap fraud, and it means scammers could potentially enter your username and password when logging onto your bank’s website. The bank will then send a code by text — two-factor authentication — to your smartphone number, a code that you’ll then have to enter to access your online account. The problem? After a SIM swap, that number now goes to the smartphone or other device possessed by scammers. They can then use that code to enter your bank account.

 With 97% of Americans owning a cellphone today, SIM Swap losses will only continue to increase as fraudsters are aware of how lucrative SIM swapping can be.  

Many Accounts using 2FA are Vulnerable

Once scammers have done the SIM swap they make many accounts vulnerable to Account Takeover Fraud including:

Government Benefits

Cell phone contracts

Checking/Savings Accounts

Credit Cards

Online Shopping Accounts

Store Cards and Loyalty programs

Further complicating matters is that activities typically associated with account takeover fraud—changing the email, phone number or password associated with an account—occur many times a day and the use of 2FA is supposed to make it safer!


Before we move ahead to ways we can protect ourselves, take a look at this video highlighting some real examples of how people have been scammed in a SIM Card Swap…


How Can We Protect Ourselves?

  • 1: Change the PIN from its default number to a new one that only you know. Learn how to change your SIM PIN on Apple and Android devices. When you buy a SIM card, you also get a PIN for it. This four-digit code activates the SIM card when you insert it into your phone.
  • 2: Changes to your phone number or email address. Hackers will attempt to switch your contact information. Be alert to any attempts to do this via scam texts and emails.
  • 3: Update all software and apps to eliminate potential vulnerabilities. 
  • 4: Install antivirus and anti-malware on your devices
  • 5: Change your passwords so that attackers can’t continue to log into your accounts. This is a constant theme, so simple! Just do it!
  • 6: Regularly Review online statements and account charges. We have to be vigilant and diligent if we want to remain safe. Look for charges that you don’t recognize — both large and small. Scammers will try to validate your bank account or credit card information by making small purchases first before moving onto larger fraud attempts
  • 7: Safeguard your credit. Even before you fall victim to account takeover, you might want to consider placing a credit report fraud alert or credit freeze with the bureaus. We can help, call us.
  • 8: PIN codes: If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it. It could provide an additional layer of protection.
  • 9: Use an authentication app like Google Authenticator (or a similar tool) to secure all of your online accounts.