In a SIM swap, scammers steal your phone number so they can pretend to be you to access your online accounts. That means they could get into everything from your bank accounts to your social media profiles.
Once the scammer has your number, they also have access to your text messages. They then request a password change or access to your bank account. And with access to your text messages, the scammer can input the security code and change your password to access your account. With all of that information, it’s easy for a scammer to steal your identity.
It's such a serious problem that lawmakers are pushing for new regulations that will make it harder for scammers. But until that happens, you need to take steps to protect yourself from SIM swapping.
SIM swapping doesn't require you to do anything wrong. Even if you've done an excellent job of keeping your online identity secure, you can still be a victim. These scammers gain control of your phone number by convincing your cellular carrier that they’re you. They simply ask the carrier to transfer the number to a new phone, much like you would if you were upgrading your phone, or bribe a worker at a carrier retail shop. The scammer doesn’t have to hack or break into anything: your cellular carrier does all the work for them.
How to prevent SIM swapping
There are a couple of ways to make SIM swapping more difficult for scammers — and to limit the damage if someone does manage to steal your SIM.
Add a passcode to your cellular account
Every major carrier lets you add a PIN in addition to your password that you’ll have to provide before you can make changes to your account. (Use a password manager so you don’t forget it!)
For AT&T, sign into your account online and go to Sign-in info > Wireless passcode and add "extra security."
For Sprint, sign into your account online and go to My Sprint > Profile and security and scroll down to Security information.
For T-Mobile, sign into your account, choose a verification method (choose security questions, lie in your answers and save your answers to a password manager) and select Next to set up your verification method. Once your varification method is set, you can set up your PIN.
For Verizon, go to the Change Account Pin page, sign into your account and select a new PIN.
Upgrade your security code authentication
Instead of using text messages for security code authentication (two-factor authentication or 2FA), use an authentication app like Authy or Google Authenticator. Not all platforms accept these alternate authentication methods. In fact, of the big 4 carriers in the U.S., only T-Mobile supports it. To see if your carrier supports alternative authentication, check the 2FA list.
What to do if you're a victim of SIM swapping
If you suspect you’ve been victim to a SIM hijacking scam — which is likely if you’ve stopped receiving phone calls and text messages — the first thing to do is contact your carrier. They’ll be able to tell you if your number was transferred to a new SIM and revert the changes. Once you’ve done that, it’s time to assess the damage. Check to make sure all of your accounts still your accounts — and change passwords and security questions. It’s particularly important to secure your email account, since that can be used to reset other passwords, so start there first.
[Image credit: SIM hacking concept via BigStockPhoto]
From Lorraine Ballato on January 22, 2020 :: 2:03 pm
Yes, it’s true. But in my case, they stole my landline number AND Frontier couldn’t reverse it. We had no phone, internet,and TV for 3 days. To fix it, we were forced to open a new account with all associated fees and then start rebuilding our profiles everywhere. The worst part is neither of my 2 senators nor the local police were interested in taking any action, despite this being an FCC issue. DO take the advice given and set up a password and lock your accounts.
Reply
From Josh Kirschner on January 22, 2020 :: 4:11 pm
I’m sure Frontier could have reversed it if they cared to try, and they certainly should not have made you eat the costs for opening a new account. Every carrier should have policies and procedures in place so these types of things can’t happen, and they should be held accountable if they don’t.
You may have better luck addressing this with your state representatives or US Congressperson, who might be more responsive to local constituents than your US Senators. You can also file a complaint against Frontier with the FCC: https://consumercomplaints.fcc.gov/hc/en-us/requests/new?ticket_form_id=39744. Not sure what will come of that, as the FCC is way behind the 8-ball on the issue, but you never know. Also, maybe one of your local papers would be interested in covering the story.
Reply