young woman looking at her phone

SIM swapping, SIM hijacking, or SIM jacking occurs when a cybercriminal fraudulently transfers a victim's phone number to a SIM card under the attacker's control. This allows the attacker to receive all incoming calls and messages intended for the victim, bypassing security measures relying on multi-factor authentication (MFA) implemented via SMS.

Why do cybercriminals perform this attack?  

  • Identity Theft: SIM swapping can be a precursor to identity theft. By gaining control of a victim's phone number, attackers can intercept authentication messages and access the victim's online accounts, financial information, and personal data.
  • Account Takeover: With control over the victim's phone number, attackers can reset passwords and take over various online accounts, including email, social media, and financial accounts. This gives them the ability to conduct fraudulent activities or steal sensitive information.
  • Financial Fraud: Criminals may use SIM swapping in financial fraud schemes, such as unauthorized bank transfers, cryptocurrency theft, or fraudulent purchases using linked payment methods.
  • Extortion: In some cases, attackers may use SIM swapping to extort money from victims by threatening to release sensitive information obtained from compromised accounts or by holding accounts hostage until a ransom is paid.
  • Espionage and Surveillance: In targeted attacks, SIM swapping can be used for espionage or surveillance purposes to monitor the victim's communications, track their location, or gather sensitive information for blackmail or manipulation.
  • Loss of Service: Victims may suddenly lose cellular service or notice an inability to make or receive calls and texts.
  • Unexplained Changes: Unauthorized changes to account settings, such as passwords or security questions, can indicate a SIM swap.
  • Unexpected Notifications: Victims might receive notifications about SIM card changes or new account logins that they did not initiate.
  • Identity Theft: SIM swapping is often a precursor to identity theft or other forms of fraud, so victims should be vigilant for any unusual account activity.
  • Use Authenticator Apps: Use authentication apps like Google Authenticator or Authy instead of relying on SMS-based MFA whenever possible.  See Cybersecurity & Infrastructure Security Agency (CISA)  More than a Password
  • Secure Accounts: Enable additional security measures such as account PINs, security questions, or biometric authentication where available.
  • Monitor Accounts: Regularly check account settings and activity for any suspicious changes or unauthorized access.
  • Limit Personal Information: Be cautious about sharing personal information online or over the phone, as attackers may use it to impersonate you.
  • See Cyber Crime Prevention for further actions. 
  • Contact Service Provider: Immediately contact your mobile service provider to report the issue and request assistance in regaining control of your phone number.
  • Change Passwords: Change passwords for all affected accounts and enable additional security measures such as multi-factor authentication.
  • Update Security Settings: Review and update security settings for all online accounts to prevent further unauthorized access.
  • Monitor Accounts: Monitor your accounts for suspicious activity and consider freezing your credit report. See  Identity Theft for further recommendations.

References: