You might know that SIM cards are those small, removable cards inside your mobile device that identify you and give you access to your mobile provider’s network. But did you also know that criminals can now swap your SIM (Subscriber Identity Module) card through their cellphone provider, gain access to your phone, and steal information they could use to access your bank accounts?
SIM swapping is a relatively new type of fraud targeting your personal information so that criminals can impersonate you and access your bank accounts. Most victims won’t know they’ve been compromised until they try to place a call or send a text message which doesn’t go through.
How the SIM swapping scam works
- SIM fraudsters will start by trying to find some information about you like your name and phone number. They’ll trick you into providing this information by sending you a phishing email or by searching your name and your phone number if you’ve published it on social media sites.
- Once they have enough personal information, they’ll call your cellphone provider or use the online chat option pretending to be you and will request a new SIM card in your name.
- Once they’ve gained the new SIM card connected to your phone number, they’ll have access to all services you’ve linked to your phone: bank accounts, emails, pictures, phone calls, text messages, etc.
How to protect yourself
- Set up a passcode/PIN with your service provider to access your phone for any online or phone interactions. Do not use the same PIN as you use for other accounts, like your bank account.
- Don’t publish your phone number on any of your social media profiles and limit the amount of personal information you post online like your birthday, elementary school names, or your pet’s name. Fraudsters can use these clues to answer common identification questions and impersonate you.
- Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your sensitive accounts. Click here to learn more about how to create a strong password.
Don’t click on links or attachments in suspicious emails or text messages. Remember that your bank will never send you an email, or call you on the phone, asking you to disclose personal information such as your password, credit or debit card number, or your mother’s maiden name.