Stop SIM-Swapping Scams: Safeguard Your Identity Against No. 1 Threat
SIM-swapping, a more advanced form of identity theft, goes beyond simply hacking into email or social media accounts. In reality, it means that the thieves get full control of your phone number and thus have the power to redirect your calls and the messages to themselves, instead of you. This allows them to bypass protections such as two-factor authentication texts that secure financial accounts, locking out the actual owner.
Experts say that scams like those of SIM-swapping will only increase in frequency and sophistication. Data supports this, with the FBI Internet Crime Complaint Center reporting a more than 400% increase in SIM-swapping complaints from 2018 to 2021. These incidents have resulted in over $68 million in personal losses. According to Rachel Tobac, CEO of SocialProof Security, these figures are likely underestimated, as many identity theft cases go unreported.
How Does SIM-Swapping Work?
Now the question arises as to how the criminal gangs get the vital and the inside information about the victims. The mode of operation seems to be clinical like the usual data breaches, dark web purchases, online leaks or regular phishing scams.
This illegally procured information is then used to impersonate the victim and then contact their mobile number operating company. The criminals of this sort falsely claim to have lost, damaged or sold the original phone with the sim card. They request the number be transferred to a new SIM or eSIM card in their possession. Once this is done, the criminals can receive calls and texts meant for the victim, including those for account verification.
Preventing SIM-Swapping
Cybersecurity experts emphasize the prevention of SIM swapping as the best defense. Here are some key strategies:
Better Password Habits
If your credentials are compromised in a cyber breach, hackers can use them to access other services and gather personal data for a SIM swap. To minimize this, try to avoid the same login credentials across multiple sites to be better protected. Consider using a password manager to handle complex, unique passwords for each account. A strong password must be used that should contain letters, numbers and symbols. Some experts also recommend a minimum length of at least 16 characters to make it more secure.
Multifactor Authentication (MFA) Without Texts
Implement biometrics or MFA apps and devices that don’t rely on text messages. These methods use separate login mechanisms and encryption, making them harder for criminals to exploit.
Carrier Protections
Contact your mobile carrier to set up a unique passcode to prevent significant account changes, such as porting your number to another carrier. Your carrier might already have additional protections against SIM swapping, so it’s worth inquiring.
Phishing Awareness
Criminals use emails or texts to trick you into revealing personal and financial information. This tactic is particularly effective in workplace settings. The cybersecurity firm Proofpoint reports that most data breaches worldwide stem from human errors. If by chance, you get a message that looks deceiving or suspicious, you must try to report it to the concerned authorities immediately. Email platforms often have functions to report phishing attempts and workplace protocols should be followed as advised by your company’s information security team.
Steps to Take if You’re a Victim
All major U.S. carriers provide web pages with guidance on reporting SIM-swapping fraud. An Associated Press reporter who recently experienced such an attack suggests that victims should actively work with their carrier to resolve the issue. To expedite the recovery process, additional steps such as filing complaints with the Federal Trade Commission, the State Attorney General or the Internet Crime Complaint Center are highly advised in these cases.
Additionally, filing complaints with the Federal Trade Commission, the Internet Crime Complaint Center, or state attorneys general can help expedite recovery. If your card payment numbers are stolen, inform your bank or credit card company, explaining the risk of fraud, and ask them to monitor for suspicious activity. Notify credit agencies, including Equifax, Experian, and TransUnion, to freeze your credit. This restricts access to your credit report and complicates the process of opening new accounts, while a SIM-swapping fraud alert can prompt lenders to verify your identity before extending credit.