People are being warned of a new scam fraudsters are using to gain access to phones.
SIM swap fraud happens when scammers exploit a weakness in two-factor authentication to use your phone number to access your accounts. They contact your mobile carrier and trick them into activating a SIM card that the scammers have. This gives them control over your phone number, so calls and texts go to the scammer’s device instead of yours.
With control over your number, scammers can log into your bank’s website using your username and password. When the bank sends a two-factor authentication code to your phone number, it goes to the scammer’s device. They then use this code to access your bank account.
To protect yourself, prevent scammers from knowing your logins and passwords. Look out for warning signs of a SIM swap scam.
A SIM card, or subscriber identity module, is a small card with a chip that allows your smartphone to make calls and send texts. Without it, your phone can only access the web on Wi-Fi or take photos.
Scammers use personal information and social engineering to trick your carrier into activating a new SIM card. They might send phishing emails or use malware to gather your information. They can also buy your information on the dark web. With this data, they convince your provider to switch your number to a new SIM card, giving them access to your phone communications and any codes or password resets sent via text.
Scammers might set up a second bank account in your name to transfer money without triggering security alarms. They also use social media to gather information to impersonate you. However, social media can alert you to a scam.
Signs of a SIM swap include not being able to make calls or send texts, notifications of your number being activated on another device, being unable to access your accounts, and noticing transactions you didn’t make.
To protect against SIM swap scams:
Be cautious of phishing emails and don’t click on unknown links.
Use strong, unique passwords and security questions for your phone account.
Set a separate passcode or PIN if your carrier allows it.
Don’t rely solely on your phone number for security and authentication.
Use authentication apps like Google Authenticator for two-factor authentication.
Check if your bank and mobile carrier offer alerts for SIM swap activity.
Banks can use technology to analyze customer behavior to detect compromised devices.
Some organizations call customers back to verify their identity.
SIM swapping shows that a phone number isn’t the best way to verify your identity. Adding extra layers of protection can help keep your accounts and identity safer.