What is a SIM-swapping attack and how do you protect against it?
Scams caused over $68m in losses last year
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The FBI is warning about a massive increase in so-called “SIM-swap” attacks, where criminals find ways to divert victims’ phone numbers onto a SIM card under their control.
Last year, the FBI’s Internet Crime Complaint Center (IC3) got more than 1,600 complaints of SIM-swapping, a more than 15 times increase over previous years, according to a recent FBI public service announcement. The scams caused more than $68m in losses to victims in 2021.
“Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number,” the FBI wrote in its PSA.
The SIM-swappers then use these links to take control of accounts linked to the phone number, including banking apps and cryptocurrency wallets.
Hackers and other criminals have a number of ways of taking control of a phone number, from using phishing techniques to infect a victim with malware, to bribing or tricking wireless carrier employees to hand over the phone numbers. Scammers can also exploit information that’s been taken during data breaches at mobile carriers, according to the FBI.
Fraudsters have also taken to a similar scam in recent years, involving opening up an account with a new cell phone carrier, then persuading the victim’s original carrier to “port out” the number to the new account.
Roughly 6,000 accounts were recently ported out from TracFone, Straight Talk, and other low-cost prepaid carriers.
The FBI says there are a number of ways of guarding against such schemes.
Mobile phone users shouldn’t attract undue interest to themselves by bragging about how much money or crypto they spend, nor should they give their password or PIN to anyone representing themselves as a customer service agent unless they are sure the request is coming directly from their phone company.
Other basic pieces of cyber etiquette help, too, including refraining from putting one’s phone number online and avoiding reusing passwords.
Consumers are also advised to opt for authenticator apps, physical security keys, or biometric identifiers in lieu of mobile-based two-factor authentication if possible.
Victims of SIM-swap attacks are encouraged to immediately contact their mobile carrier and law enforcement, as well as change the passwords on all their online accounts and notify their financial institutions of the potential breach.
Last year the Federal Communications Commission said it is working on rules to combat SIM swaps.
“The FCC has received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM-swapping and port-out fraud,” the commission said at the time. “In addition, recent data breaches have exposed customer information that could potentially make it easier to pull off these kinds of attacks.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments