You might know that SIM cards are those small, removable cards inside your mobile device that identify you and give you access to your mobile provider’s network. But did you also know that criminals can now swap your SIM (Subscriber Identity Module) card through your mobile provider, gain access to your phone, and steal information they could use to access your bank accounts?
SIM swapping is a type of fraud targeting your personal information so that criminals can impersonate you and access your bank accounts. Most victims won’t know they’ve been compromised until they try to place a call or send a text message which doesn’t go through.
How the SIM swapping scam works
- Many SIM swap scams start with a phishing email to try and trick you into revealing personal information the criminal can then use to impersonate you.
- Once they have enough personal information, the criminal will call your mobile provider or use the online chat option pretending to be you. They'll request a new SIM card in your name.
- Once they’ve gained the new SIM card connected to your phone number, they’ll have access to all services you’ve linked to your phone: bank accounts, emails, pictures, phone calls, text messages, etc.
How to protect yourself
- Set up a passcode/PIN with your service provider to access your phone for any online or phone interactions. Do not use the same PIN as you use for other accounts, like your bank account.
- Don’t publish your phone number on any of your social media profiles and limit the amount of personal information you post online like your birthday, elementary school names, or your pet’s name. Fraudsters can use these clues to answer common identification questions and impersonate you.
- Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your sensitive accounts. Click here to learn more about how to create a strong password.
Don’t click on links or attachments in suspicious emails or text messages. Remember that your bank will never send you an email, or call you on the phone, asking you to disclose personal information such as your password, credit or debit card number, or your mother’s maiden name.