What is a SIM-swapping Scam and How Do I Protect Myself?
As organizations increasingly rely on technology to do business, attackers continue to find new and innovative ways to trick employees into giving them organizational or financial data.
We’ve previously discussed shipping scams that increase during the holiday season, how to avoid online and phone scams and a very specific phishing scam prevalent with Microsoft 365 users.
However, a growing form of identity theft — called SIM swapping — goes beyond stealing login credentials.
In a SIM-swapping scam, attackers take over your phone number, meaning any calls or texts go to them instead of you. The sinister part of this scam is that any protections enabled to secure account access, such as multifactor authentication (MFA) requests sent via text message, will also go to the attacker, helping them lock you out of your account.
According to a report from the FBI Internet Crime Complaint Center, SIM-swapping complaints have increased more than 400% from 2018 to 2021, with more than $68 million in estimated losses as a result.
How Does a SIM-swapping Scam Work?
Attackers use personal information (such as phone numbers, addresses, birthdays and Social Security numbers) collected through data breaches, leaks and other phishing scams to impersonate victims as they contact their cell phone carriers.
They will contact your carrier, claiming “their” phone and SIM card were damaged, lost or stolen and ask for the phone number to be linked to a new SIM or eSIM.
Once the request is fulfilled, any texts or calls will be directed to the attacker.
How Do I Protect Myself?
Cybersecurity experts agree that prevention is the best form of protection. Fortunately, a lot of the habits they (and Hungerford) have been recommending for general online security will help prevent SIM-swapping scams.
Don’t Use MFA with Texts
While using any sort of MFA is better than not using MFA at all, it’s recommended to use biometrics (such as a fingerprint or face ID) or MFA apps (Google Authenticator, Duo, etc.).
These methods are harder for attackers to get at because they are tied to who you are, or use separate logins and encryption, rather than being tied to your phone number.
Many carriers have protections in place to combat SIM-swapping scams, such as setting up a unique passcode to prevent significant account changes. Check with your carrier to see what protections they offer, especially if your cell phone was issued by your organization.
Watch for Phishing Attacks
If your organization implemented phishing training and continues to receive quarterly training modules to keep up with new scams, well done! Phishing training is the best way to combat online scams.
If you haven’t utilized any phishing training, now is a good time to start. Phishing attacks rely on human error to be successful, and all it takes is one wrong click for an attacker to infiltrate your organization.
Improve Password Hygiene
Adopting better password habits means using strong passwords and not using the same password for multiple accounts.
If you have been using the same or similar passwords for multiple accounts, change them all immediately. When your login credentials are leaked or sold on the dark web, attackers will use that username and password combination on other sites hoping to gain access to more accounts.
If you’re having a hard time remembering all of your passwords, you can try using passphrases that are easier to remember and satisfy length requirements.
Or, you can utilize password managers, which require you to remember one master password to access your database of encrypted passwords. Most password managers cost anywhere from $1 to $8 per month, but there are free versions that will cover basic needs.
What Do I Do if I’m a Victim?
If you believe you are a victim of a SIM-swapping scam, take these steps as quickly as possible.
- Every carrier should have instructions on how to report a SIM-swapping scam.
- Additionally, you should send complaints to the Federal Trade Commission, the Internet Crime Complaint Center or your state attorney general.
- If financial information was stolen, such as credit card or bank account numbers, inform your bank or credit card company. They can alert you to any suspicious activity.
- Lastly, notify credit agencies, like Equifax, Experian and TransUnion. They can freeze your account and add a warning to your credit report, which will encourage lenders to contact you before lending money.
It’s scary to think your phone number could be taken over by a stranger with relative ease.
However, proactive measures — such as using strong passwords, not using text-based MFA requests and watching out for phishing attacks — are the best way to protect your phone number.