SIM Swapping Scam

SIM Swapping Scam

A SIM Card is the little chip you insert into your cellphone. It authorizes your device’s use on the carrier’s network. The SIM Card is what is authorized and programmed with the phone number.

The scammer convinces the mobile carrier to switch the victim’s cell phone number to a new device. This is known as SIM swapping or SIM hijacking. This happens without the true account holder’s permission. The goal of this is to redirect any phone calls or text messages to the new, scammer-controlled device. Once they have control, the scammer can intercept two-factor authorization requests. This allows them to access the victim’s secured accounts. They do this in a multistage attack.

Information Gathering

This scam is a targeted attack. They are looking at one victim, not many. The scam starts with the scammer gathering as much information about the victim as they can. They will need the victim’s address, phone numbers, and security codes. They also require identification numbers, such as driver’s license information. Additionally, they need login information and billing details. This can be accomplished by phishing, keyboard loggers, social media and past data breaches.

Impersonation

The scammer then contacts the mobile carrier pretending to be the victim. Providing the information required to convince the mobile carrier that they are the victim. Once they convince the carrier, they can then port the victim’s phone number to another device that the scammer controls.

SIM Activitation

The carrier then activates the SIM transfer to the scammer device, and the victim’s device loses the carrier. What this means is the victim can no longer receive calls or text messages on their device. Essentially, the device has been disconnected from the carrier. The victim’s phone will show an error like No SIM Card Installed, or No SIM Card Inserted.

Account Access

With control over the phone number, the scammer can now impersonate the victim. They can log in to the victim’s secured accounts. Intercepting text messages and calls destined for the original cell number. The scammer can then log into the accounts and do what they wish.

Real World Example

In 2024, a Toronto couple was the victim of the scam. The couple got a message that their phone went into SOS Mode (another name for No SIM Card / No Carrier). They contacted the mobile carrier, but the scammers were very quick. They cleared out the couple’s crypto accounts for $140,000 and their bank accounts.

How To Protect Yourself

  • Don’t use text messages or emails for multi-factor authentication. Use an authenticator app instead ,like Authy, Microsoft Authenticator, or Google Authenticator.
  • Ensure that your mobile account is secured with a unique PIN that you only use for this account. Do not share that PIN with anybody
  • Be careful what information you share online.
  • Be vigilant for Phishing attempts – learn how to recognize a phish
  • Monitor your accounts for suspicious activity. If any notice, contact the institution immediately.

What To Do If You Are Affected by This Scam

  • Contact the mobile carrier immediately, report the unauthorized SIM Swap, and regain control of the phone number
  • Notify your financial institutions
  • Change your passwords
  • Report the incident to the authorities.
  • Follow our guide here