While traveling in the Bahamas this week, I was the victim of SIM swapping. What is it and what did I do about it?
All of a Sudden, My Phone Wasn’t Quite Right
I was in the Bahamas this week for a luxury travel conference and found that following dinner, my phone wasn’t working quite right. I received emails from a bank stating that my credit cards were no longer associated with my phone. I immediately checked my account, and everything was safe and secure, but when I called my wife to ask if she had made a change to our account, I couldn’t call out. I asked her to call me instead and instead of ringing, she heard what sounded like a game show. Others confirmed the same.
Luckily, my wife was able to contact our cell phone carrier and secure my account and my SIM but it made me wonder how SIM swapping works and what to do about it if you’re targeted.
To stall the effects of a SIM swap (or clone), dial ##004#, which erases conditional call forwarding. You should see the following messages:
- Setting Erasure Succeeded, Voice Call Forwarding, All Conditioned Calls
- Setting Erasure Succeeded, Data Call Forwarding, All Conditioned Calls
- Setting Erasure Succeeded, Fax Call Forwarding, All Conditioned Calls
- Setting Erasure Succeeded, SMS Call Forwarding, All Conditioned Calls
- Setting Erasure Succeeded, Sync Data Circuit Call Forwarding, All Conditioned Calls
- Setting Erasure Succeeded, Async Data Circuit Call Forwarding, All Conditioned Calls
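As an added illustration (not part of the original post), the sketch below decodes GSM call-forwarding MMI codes such as ##004# using the standard action prefixes and service codes from 3GPP TS 22.030, and lists which forwarding conditions a given code does not address. It goes beyond the single code above to the related forwarding codes; the function names and the sample number are constructed for this example.

```python
import re

# Action prefixes and call-forwarding service codes per 3GPP TS 22.030.
ACTIONS = {"**": "register", "*#": "interrogate", "##": "erase",
           "*": "activate", "#": "deactivate"}
SERVICES = {
    "21": "unconditional call forwarding",
    "67": "call forwarding when busy",
    "61": "call forwarding on no reply",
    "62": "call forwarding when not reachable",
    "002": "all call forwarding",
    "004": "all conditional call forwarding",
}
# Individual conditions addressed by the two umbrella codes.
COVERS = {"002": ["21", "67", "61", "62"], "004": ["67", "61", "62"]}

# prefix, service code, optional *-separated parameters, closing '#'
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[^*#]*)*)#$")

def decode_mmi(code):
    """Decode a call-forwarding MMI string; None if it is not one."""
    m = MMI.match(code.strip())
    if not m or m.group(2) not in SERVICES:
        return None
    prefix, service, rest = m.groups()
    return {
        "action": ACTIONS[prefix],
        "service": SERVICES[service],
        "covers": [SERVICES[s] for s in COVERS.get(service, [service])],
        "params": rest.split("*")[1:] if rest else [],
    }

def not_covered(code):
    """Forwarding conditions the code does not address (empty = all)."""
    d = decode_mmi(code)
    if d is None:
        raise ValueError("not a call-forwarding MMI code")
    return [SERVICES[s] for s in COVERS["002"]
            if SERVICES[s] not in d["covers"]]

if __name__ == "__main__":
    # "+15550100" is a constructed sample number, not a real one.
    for sample in ("##004#", "##002#", "*#21#", "**21*+15550100#"):
        print(sample, decode_mmi(sample), not_covered(sample))
```

Running it shows that ##004# addresses the busy, no-reply and not-reachable conditions, while ##002# also covers unconditional forwarding.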
Understanding SIM Swap Attacks
SIM swap attacks are no small matter. These types of attacks involve some serious cyber maneuvering and are a form of account takeover fraud specifically targeting two-factor authentication and two-step verification. The hacker’s goal? To gain total control over the victim’s phone number by porting it to a different SIM card. How do they do this? They often use social engineering techniques to convince the phone service provider that they are the rightful owner of the number.
A scammer first gathers personal information about the victim. They might achieve this through various means such as phishing emails, malware, or even buying information on the dark web. Once they’ve gathered enough information, they then contact the victim’s mobile carrier and pretend to be the victim. They request a SIM card replacement. Once they have the new SIM card, they activate it. Now they receive all incoming calls and messages intended for the victim.
I expose more personal details than I should on this blog and in public, so perhaps it’s not a surprise that someone was able to gain the information needed.
Deciphering the Hack: The Different Methods of Attack
Hackers, like traditional thieves, utilize tools of the trade. SIM card hacks might use methods like Simjacker attacks, SIM card swapping, and SIM cloning. In Simjacker attacks, hackers send a spyware-like code to a target device via an SMS message. This code allows them to spy on calls and messages, and even track the location of the device.
Another method is SIM card swapping. This is where hackers trick phone providers into sending them a replacement SIM card. By doing so, they gain control over your phone calls, messages, and even two-factor authentication codes. It’s like someone stealing your house keys, and then changing the locks so you can’t get in. This method relies heavily on social engineering techniques, where the scammer convinces the phone provider that they are the legitimate owner of the phone number.
SIM cloning is the third method. This one requires physical access to a SIM card to create a copy of it. Once the cloning is successful, the hacker intercepts communications and gains access to the victim’s accounts. For me personally, it seems like this one was the case as I only once walked through the casino floor to go from dinner to a shop and this is the moment it happened.
Identifying a Hacked SIM Card: Signs to Look Out For
Knowing the signs of a hacked SIM card could save you a world of trouble. One common sign is the sudden inability to make calls or send texts. This could mean that the scammer has successfully swapped your SIM card and is now using your number.
Another sign to be wary of is receiving notifications of account activity on another device. This suggests that your SIM card has been cloned and is being used in a different device without your knowledge. If you find unauthorized transactions on your accounts or are unable to access your accounts altogether, it’s a strong indication that your SIM card may have been compromised.
SIM forwarding can be a sign that your SIM card has been hacked. I experienced this effect but it appears my personal data has been protected.
Shielding Your SIM: Proactive Measures for Protection
How do you protect yourself from these SIM card swaps and other SIM card hacks? There are several proactive measures you can take. Here are a few more tips to help you secure your SIM card:
- Use alternative methods of two-factor authentication, such as authentication apps or physical security keys. These methods are more secure than relying solely on SMS-based two-factor authentication, which can easily be intercepted in a SIM swap attack.
- Set up a PIN code on your SIM card. This extra layer of security ensures that even if someone manages to obtain a replacement SIM card, they won’t be able to activate it without the PIN code.
Don’t Underestimate SIM Cloning
SIM cloning isn’t just a plot in a bad spy movie. It’s a real threat to personal security. It involves physically accessing a SIM card and creating a copy of it. Once the cloning is successful, hackers intercept communications and gain access to accounts tied to the cloned SIM card. This can lead to unauthorized access to personal information, financial accounts, and even social media profiles.
For instance, imagine a scammer clones your SIM card and gains access to your social media accounts. They could impersonate you, post false information, or even use your accounts for malicious purposes. This highlights the importance of taking steps to protect your SIM card from being cloned. It’s not just about protecting your number; it’s about protecting your identity.
SIM Swapping Can Lead to Financial Theft
Once a SIM swap scam is successful, the fraudster gains access to various accounts tied to the hijacked phone number, including bank accounts and social media accounts. This can result in significant financial theft and the potential for other forms of exploitation. It’s like a digital pickpocket who can access not just your wallet, but your entire life.
There have been several high-profile hacks using SIM swapping, including incidents on popular social media platforms like Instagram and Twitter. These incidents demonstrate the real-world impact of SIM swap scams and the potential for financial loss.
Fortifying Security Beyond the Basics
In addition to using strong, unique passwords and avoiding the use of publicly available information for password recovery questions, there are other measures you can take – measures I had already taken. Consider strengthening account security by enabling multi-factor authentication methods that are not reliant on SMS-based codes. Authentication apps, physical security keys, and behavioral analysis technology can add an extra layer of security to your accounts and make them more resistant to SIM swap scams. In the end, adding a SIM password would have been sufficient.
Here are a few additional security measures to consider:
- Use a password manager to generate and store complex passwords.
- Regularly update your devices and apps to ensure you have the latest security patches.
- Be wary of suspicious emails or messages that request personal information.
Victim of a SIM Swap Scam: Your Next Steps
If you suspect you’ve been a victim of a SIM swap scam, don’t panic. It’s crucial to act quickly, though. Contact your mobile carrier and inform them of the issue. They can help investigate the incident and take steps to secure your account. If you are unable to contact them by dialing out, try calling via Wi-Fi (this worked for me) or open up a chat on a secondary device (like a laptop) with your mobile provider.
Changing account passwords, especially for financial and social media accounts, is another important step to prevent further unauthorized access. Make sure to choose strong, unique passwords that are not easily guessable.
If your SIM is hacked, contact your mobile carrier immediately. Having your SIM stolen is a significant risk, as it gives the thief access to your phone number and online accounts. If your SIM is compromised, change your account passwords immediately. A compromised SIM can lead to unauthorized access to your accounts.
Becoming More Common
SIM swap scams are on the rise, with the FBI reporting an increase in reported cases and losses. In 2021 alone, victims lost $68 million to SIM swap scams compared to $12 million in the previous three years. These numbers highlight the sharp increase in this type of fraud and the need to take steps to protect against SIM swap scams. It’s a growing problem that needs our attention.
By being proactive and implementing the recommended security measures, you can significantly reduce the risk of falling victim to a SIM swap scam. Protecting your personal and financial information should be a top priority.
Card hacking can lead to unauthorized transactions on your accounts. One of the signs of being a victim of a hack is receiving suspicious text messages. Checking your accounts frequently is necessary to confirm they have not been compromised.
I’ve had a cell phone since high school (before mobile phones were commonplace) and have never been a victim of SIM swap fraud. But I should have been paying more attention – even Jack Dorsey’s Twitter account was hacked using this method. And we all have a lot more at stake on our mobile devices including credit card numbers and accounts that can reveal our social security numbers. I’ll be taking a much more active role in preventing SIM swapping in the future, but hopefully my issue will serve as a cautionary tale that it can happen to you, but hopefully it doesn’t.
What do you think? Have you been the target of a SIM attack?