In a SIM swap, scammers steal your phone number so they can pretend to be you to access your online accounts. That means they could get into everything from your bank accounts to your social media profiles.
Once the scammer has your number, they also have access to your text messages. They then request a password change or access to your bank account. And with access to your text messages, the scammer can input the security code and change your password to access your account. With all of that information, it’s easy for a scammer to steal your identity.
It's such a serious problem that lawmakers are pushing for new regulations that will make it harder for scammers. But until that happens, you need to take steps to protect yourself from SIM swapping.
SIM swapping doesn't require you to do anything wrong. Even if you've done an excellent job of keeping your online identity secure, you can still be a victim. These scammers gain control of your phone number by convincing your cellular carrier that they’re you. They simply ask the carrier to transfer the number to a new phone, much like you would if you were upgrading your phone, or bribe a worker at a carrier retail shop. The scammer doesn’t have to hack or break into anything: your cellular carrier does all the work for them.
How to prevent SIM swapping
There are a couple of ways to make SIM swapping more difficult for scammers — and to limit the damage if someone does manage to steal your SIM.
Add a passcode to your cellular account
Every major carrier lets you add a PIN in addition to your password that you’ll have to provide before you can make changes to your account. (Use a password manager so you don’t forget it!)
For AT&T, sign into your account online and go to Sign-in info > Wireless passcode and add "extra security."
For Sprint, sign into your account online and go to My Sprint > Profile and security and scroll down to Security information.
For T-Mobile, sign into your account, choose a verification method (choose security questions, lie in your answers and save your answers to a password manager) and select Next to set up your verification method. Once your varification method is set, you can set up your PIN.
For Verizon, go to the Change Account Pin page, sign into your account and select a new PIN.
Upgrade your security code authentication
Instead of using text messages for security code authentication (two-factor authentication or 2FA), use an authentication app like Authy or Google Authenticator. Not all platforms accept these alternate authentication methods. In fact, of the big 4 carriers in the U.S., only T-Mobile supports it. To see if your carrier supports alternative authentication, check the 2FA list.
What to do if you're a victim of SIM swapping
If you suspect you’ve been victim to a SIM hijacking scam — which is likely if you’ve stopped receiving phone calls and text messages — the first thing to do is contact your carrier. They’ll be able to tell you if your number was transferred to a new SIM and revert the changes. Once you’ve done that, it’s time to assess the damage. Check to make sure all of your accounts still your accounts — and change passwords and security questions. It’s particularly important to secure your email account, since that can be used to reset other passwords, so start there first.
[Image credit: SIM hacking concept via BigStockPhoto]