SIM swapping—also known as SIM swap scam, SIM hijacking, port-out scam, or SIM splitting—is a type of account takeover fraud where a cybercriminal fraudulently transfers your phone number to a SIM card under their control. This allows the attacker to intercept calls and text messages intended for you, including one-time passwords (OTPs) used for two-factor authentication (2FA) and account recovery.
How Does SIM Swapping Work?
- Information Gathering: The scammer collects personal information about the victim, often through phishing, social engineering, data breaches, or by purchasing data from criminal sources.
- Impersonation: Using this information, the attacker contacts the victim’s mobile carrier, impersonating the victim and claiming to have lost or damaged their SIM card, or requests to switch to a new device.
- SIM Transfer: The carrier is tricked (or, in rare cases, bribed) into activating the victim’s phone number on a SIM card controlled by the attacker.
- Takeover: Once the swap is complete, the victim’s phone loses service, and all calls and texts—including those used for authentication—are routed to the attacker’s device.
Why Do Criminals Use SIM Swapping?
• Account Takeover: With control of your number, criminals can reset passwords and gain access to your online accounts, including email, social media, and financial services.
• Financial Theft: The primary goal is often to steal money, such as accessing bank accounts or cryptocurrency wallets.
• Identity Theft: Attackers may use your accounts for further identity theft or sell access to others.
• Extortion and Espionage: In some cases, attackers may use access to extort victims or gather sensitive information for surveillance.
Signs of SIM Swapping
• Sudden loss of cell service (no calls or texts)
• Notifications about SIM or number changes you did not request
• Inability to log into accounts tied to your phone number
• Unusual activity on social media or financial accounts