What is Dual SIM and Why Get a Dual SIM Phone?
If you’ve been in a mobile phone store lately, chances are you’ve seen a few smartphones with dual SIM technology. So, what is a dual SIM phone, and why is it useful to…
January 3, 2020
You may have already heard of SIM swapping, which is also called SIM card fraud or SIM hacking. If you’re wondering, “What is a SIM swap scam? Am I at risk?” The answer is YES. SIM fraud is a common scam that lets anyone take over your phone number. It’s very dangerous and you are probably at risk of it without even knowing.
SIM swapping is a type of scam that is becoming widespread. It gives criminals access to your most valuable asset—your privacy! It’s dangerous because it’s difficult to protect against, and it leaves targets wide open to personal data theft.
Your SIM card is the part of your cell phone that contains the actual phone number data and service.
SIM stands for the “subscriber identity module.” It’s the small chip that lives inside a mobile device and contains the data associated with the phone number. They are used by cellular service providers to individually identify each of us as subscribers and allow us to communicate with their specific mobile networks. A SIM card is what facilitates phone calls, lets users send or receive text messages, and even allows connections to 3G, 4G or even 5G cellular networks.
Think of it this way: if the battery is the brain of your phone, then the SIM card is the heart. And, just like your heart, you don’t want anybody to be handling your SIM carelessly.
In a SIM card swap attack, fraudsters use social engineering to gain access to the SIM of their victims. But it’s not a physical attack, so keeping your phone close at hand won’t protect you.
SIM attacks happen when criminals convince mobile phone providers (like AT&T, T-Mobile, Verizon, etc.) to transfer a phone number from one SIM to another. They move the phone number from the SIM of the victim to the SIM on a device in their possession.
The shocking thing about SIM swapping (also called SIM hacking or hijacking) is how easy it is. Scammers perpetuate these attacks by contacting the phone companies and pretending to be the owner of the phone number.
Firstly, the scammers call the customer service help number or email customer support. Then, they convince the customer support representative to move their phone number.
This is all perfectly routine because it’s very common to move phone numbers between SIM cards–if you’ve ever lost or damaged a cell phone beyond repair, you’ve probably had to do it yourself as well! This is called “porting,” which we have previously covered here on the blog.
When initiated by the owner of the phone number in question, phone number porting a very normal process. It typically involves providing documentation, like a recent account statement and personal information, to show that the person initiating the port actually owns the number.
What is abnormal is the lengths these scammers will go to, to defraud their targets. When it’s done illicitly, without the consent of the owner, then it becomes fraud. These SIM scams are sometimes also called “porting scams.”
Once the scammer has access to the victim’s phone number, they can access a treasure trove of personal information.
Financial accounts are the most targeted. Many people use their cell phone numbers to receive verification codes from their banks in order to prove their identity when logging in or resetting a password.
But after a SIM swap, the hacker is actually the person receiving the verification texts or phone calls. First, they request a temporary login code or one-time password (OTP) from the services the victim uses. Then hackers use them to gain access to online accounts like Facebook and Twitter, email log-in, financial accounts, the list is endless.
It’s widespread identity theft, and the scariest thing is, it’s both quick to commit and difficult to prevent.
Once the hackers have control of the phone number, they contact a variety of services with “forgot password” requests. They ask companies like Instagram, Google, or the victim’s financial institution to send a temporary login code or one-time password, via text message.
But the temporary code is actually sent to the hackers, who have taken control of the victim’s phone number.
According to MarketWatch, SIM hijacking is “the fraud the experts fear most.”
SIM card attacks are a recent phenomenon but are becoming increasingly more common. In the last year, a variety of high-profile SIM frauds have made headlines. Twitter CEO Jack Dorsey was the victim of such an attack in September 2019.
Even NPR has reported on the phenomenon and trusted investigative website Snopes has confirmed that SIM fraud is actually an industry-wide problem.
Some fraudsters are only looking to extort victims for their Instagram followers or Twitter account handle. Others want to drain their life savings. Either way, it’s a terrifying practice, and we expect to hear more alarming headlines over the coming month.
The top hits for a quick Google search on “What is SIM Swapping” include “SIM swapping scam,” “SIM Swapping arrest” and most alarmingly, “SIM Swapping tutorial”!
In an interview with the New York Times, a T-Mobile spokesperson clarified the position of the traditional telephony industry: “Account takeover fraud is an industry-wide problem. We use a number of safeguards to help protect against this crime and offer customers a variety of options to help them protect their own information.”
Here are our tips for staying protected against SIM swap fraud:
The very best way to stay protected against SIM fraud is to contact your mobile phone carrier and advise them to tighten security on your account. Request them to place a “do not port” note on your account. This should prevent hackers from being able to port-out your phone number. Set up security questions or a PIN (personal identification number), and do not share the answers with anyone.
When you port your number into Hushed, we require documentation from your current provider, including your account number and PIN, plus address and contact information. This is required because we must be completely certain that anyone porting their number into Hushed is the verified owner of the phone number in question. If all service providers were so thorough, maybe there would be fewer SIM-swapping headlines!