Updated on 2/12/2024 with differences between phone cloning, SIM cloning and SIM swapping.
Our phones are the key to our digital identity, so it’s no wonder that mobiles have become increasingly attractive targets for cybercriminals, who have at their disposal a fair number of ways to hack a smartphone, some of which require more access and technical savvy than others.
When people talk about phone cloning, they are referring to one of three things: phone cloning, SIM card cloning, or SIM card swapping.
True phone cloning involves copying the device information – the ESN (electronic serial number) and/or MIN (mobile identification number) – to another device. In the past, this information was used to identify a device on cellular networks. However, advances in cellular networks and technology have made true phone cloning extremely unlikely in most countries, including the US.
Today's cellular phones use SIM cards to store your identifying information. To truly clone your cellular identity, someone would have to remove the SIM card and place it in a SIM reader to copy it to a blank SIM. This type of SIM card cloning is rare because someone would have access to your physical device.
The biggest threat, and what you usually hear about, is SIM swapping. This is where hackers either go into a carrier store or call a carrier's customer support and impersonate account holders to get a new SIM. This method, which relies on social engineering tactics to find out personal information that carriers use to authenticate customer accounts, differs from the highly technical method for SIM card cloning, but the end result is the same – to gain control over someone’s phone service.
Once the perpetrator has control of your phone number, they can send messages and make calls that appear to be from that phone number, with the bill footed by the victim. The bigger danger is that text messages and calls intended for the rightful owner of the line can also be intercepted – including two-factor authentication codes that allow snoops to get access to critical accounts like email, social media, and even banking. (The vulnerability of text messages is one reason why experts recommend other methods of two-factor authentication.)
If the worst has happened and a hacker takes control of your phone number, you need to call your cellular provider. They should be able shut down service to the hacker's device and restore your number to your phone.
Also read: How to tell if your email has been spoofed
6 Signs that you may be a victim of SIM swapping or cloning
1. Receiving an unexpected text requesting you to restart your device
This may be the first sign that your SIM card has been compromised – restarting your device gives the attacker a window in which your device is off, and they can load their phone with a clone of your SIM.
2. Calls or texts on your cellphone bill that you don’t recognize
Any outgoing texts and calls made on the cloned SIM will seem to be coming from your phone number – and land on your bill. Even if you don’t have an itemized bill, international calls will show up here, so keep an eye on your monthly payments and double-check when you pay more than usual.
3. You stop receiving calls and texts
If someone else has control of your phone number through SIM swapping, calls and texts will be diverted to their device. Check this by having a friend or your partner call you to see if the call rings and if it comes through to your phone.
4. You see your device in a different location on Find My Phone
Logging into Find My iPhone or Google’s Find My Device can be a way to check on the integrity of your SIM. If your phone is on your desk, but on the map appears to be somewhere else, someone else may be using your cell service. (Chances are, phone hackers would disable this setting, however.)
5. You get a message from your carrier saying your SIM has been updated
If your number has been activated on a new device, your network provider will probably send a text or email confirming your details have been updated to the main account holder – a major red flag if you haven’t done anything. Of course, you won't get that text if your SIM has been swapped (unless you're using iMessage), so this may be the point where you only realize something is up when your phone no longer has service.
6. You’re mysteriously locked out of your accounts
You might find someone has commandeered your email accounts and social media handles. If someone has control over your phone service, they can do things like request a password reset, receive a two-factor authentication code, and then change the password.
Can you prevent SIM cloning and swapping?
You can protect your phone by observing the same cybersecurity practices that keep you safe online:
- Check that carrier texts are coming from legitimate numbers – for example, do they show up in the same message thread as previous carrier texts?
- If you see a lot of spam texts in a short time, it's a red flag that a SIM swap may be in progress. Watch for a text from your carrier and notify them that you are not attempting to move your service to another device or acquire a new SIM card.
- Be skeptical of any texts that request you to do something – are they worded in the way you would expect? What do Google search results have to say about the sender’s number? When in doubt (and you always should be), contact your carrier directly rather than following any links or instructions in a text you received.
All of the major carriers offer some version of SIM swap protection that is supposed to, in theory, make it more difficult for scammers. But there are plenty of stories out there of swaps happening despite this protection in place. The carrier rep may be tricked into thinking the hacker is you or, in the worst cases, may actually be operating in cahoots with the scammers. With T-Mobile, they send a text that you must respond to within ten minutes to NOT swap your SIM to another phone. There have been reports of hackers flooding your phone with spam messages so you don't notice the authentic carrier text. So if you see a sudden flood of text spam, be cautious.
SIM swapping and cloning aren't the only ways your phone can be compromised. If you have concerns about the security of your device, read our story on how to tell if your phone has been hacked.
[Image credit: phone hacking concept via BigStockPhoto]
Natasha Stokes has been a technology writer for more than 10 years covering consumer tech issues, digital privacy and cybersecurity. As the features editor at TOP10VPN, she covered online censorship and surveillance that impact the lives of people around the world. Her work has also appeared on BBC Worldwide, CNN, Time and Travel+Leisure.
