With so many online services associating phone numbers with a person’s identity, it is more important than ever to ensure that malicious actors cannot take control of your number. However, a growing scam called SIM swapping seeks to do just that. Using personal information found or bought online, scammers can call a cell phone service provider while posing as a customer and ask to have the victim’s number transferred to the scammer’s phone. Without the proper precautions, this can all be done without any contact with the real customer.
SIM swap scams can cause more harm than just a fraudulent phone bill. Combined with other personal information, access to a victim’s phone number can allow scammers to access a variety of online accounts, all while posing as the legitimate owner of those accounts. This could even allow access to the victim’s email and online banking accounts. It also allows scammers to bypass any SMS or phone call-based two-factor authentication.
Phone service providers have added a few security measures to help stop SIM swap scams, but they rely on you to keep them secure. First, you can set up a PIN that must be provided before a SIM swap can be completed. Your PIN should be kept private, and should not be based on other personal information, like your birthday. Additionally, you should never send a security code from your provider to the sender of an unexpected text or phone call. Scammers may pose as your service provider before or while attempting a SIM swap scam in an effort to trick you into giving up verification codes sent by your provider. If you receive a code, it is best to contact your provider directly using their official contact information, not a number sent in a text.
For more information, please see:
https://scambusters.org/simswap.html
https://www.wired.com/story/sim-swap-attack-defend-phone/