SIM Swapping: How Cyber Thieves Steal Your Phone Without Ever Touching It

As a managed service provider serving the greater Miami and Fort Lauderdale area, Internos helps businesses train their teams on cyber security risks like SIM swapping, phishing and more.

You might not know what SIM stands for, but you know you have one in your smartphone. It’s what tells your service provider who you are and how to access your data. SIM stands for subscriber identity module and, believe it or not, criminals can get your service provider to swap yours out for one in the cybercriminal’s possession.

SIM swapping (a.k.a. SIM hacking, SIM jacking or SIM hijacking) is on the rise, and criminals never need to see you or touch your phone to gain access. Rather than stealing your phone, they simply call your provider and convince the provider’s agent that you’ve lost it and need to transfer your SIM to a new phone. From there, all doors to your credit and finances are at their fingertips.

Seems impossible? Unfortunately, it is not only possible but often very easy to do because it exploits the single greatest cyber security weakness in any organization: people.

Don’t get hooked in a phishing attack. Download the Phishing Prevention Cheat Sheet.

How SIM Swapping Works

Cybercriminals gather information about you from the internet, usually through social media or from previous phishing attacks. They call your phone service provider pretending to be you and use the information they’ve gathered to answer the questions the provider asks to verify your identity. The next thing you know, you can no longer make phone calls or send texts. Your SIM has been swapped and they are now receiving texts and phone calls sent to you.

Then you find out that some or all of your financial and personal information is being used by someone other than you. One man, Robert Ross, as reported by CNN, lost more than $1 million, his life savings, that way. This story is repeated often and at great loss to individuals.

Know what to do in a ransomware attack with our free checklist

SIM Swapping Signs

If your SIM has been moved for any reason, you will IMMEDIATELY notice:

  • No signal bars
  • You can’t make calls
  • You can’t make or receive SMS texts (Wi-Fi texting apps like WhatsApp and Facebook Messenger may still work)

What to Do if Your SIM Has Been Swapped

Even if you are not sure, take these steps immediately if you suspect that your SIM may have been swapped:

  1. Contact your mobile service provider to report the fraud. 
  2. Contact all your credit card companies, banks and other financial institutions to make sure the thief has not gotten into your accounts.
  3. Contact your employer and the IT team so they can take steps to prevent access to your company network.

Once you get your new SIM card for your real phone, install a multi-factor authenticator (MFA) app and then enable MFA by app for all possible online accounts. Because the app is physically on your phone, SIM swapping does not provide criminals with access to it. So using the authentication app to serve one-time passcodes (OTP) is much more secure than having the OTP sent to you by text or push notification.

Go to your app store or search the internet for: 

Most importantly, be careful of what you share on social media! Have you mentioned your mother’s maiden name? It’s a common question to verify you are you. What about the city where you were born? Your first school? Your favorite movie? 

Other Cyber Security Tips

  • Calls: Never give personal information to someone who calls you! If it’s a legit call, look at your bill for the provider’s phone number, hang up and call them.
  • Emails: Roll your cursor over the email address. If the email says it’s from Amazon but when you roll over the address you see something like <kasmith@yahoo.com>, or even <kasmith@amzon.com>, it is very definitely a scam.
  • Always use a strong password that does not include any personal dates like birthdays, and change your password often. 
  • Do not use face recognition to open your phone. There have been cases where a photo has been used. Fingerprints are the safer option along with the MFA by AA and PIN codes.

Lastly, contact us or book a meeting, virtual or in person. We’ve been there, done that and can help you get through any IT situation.

Sandro Alvarez

Sandro is the CEO of Internos Group and a partner. He has spent the past 30 years building a career in IT, picking up an array of hardware and software certifications along the way. He’s a visionary who sees the big picture, then gets straight to work understanding every gear that grinds.
