Today’s smartphone is more like a personal digital fingerprint than just a phone. It carries your personal and business history, including financial information (think banking, passwords, and credit card information); information about your associates and family members; and stores your location. If you’re like most people, you keep your phone close, it’s in your pocket, fanny pack, or bedside table. So how is it that cybercriminals can lock you out of your phone and literally steal your financial life and personal identity? It’s called SIM swapping.
You’ve probably heard of a SIM card but may not know its purpose. A SIM (subscriber identity module) card is a tiny memory chip that stores information about a cell phone and its owner and can be used as a storage device for messages, contacts, and emails. It's also necessary to connect your phone to the carrier network, allowing you to make phone calls and send text messages.
SIM cards are transferrable, meaning they can be taken out of one phone and put into another, and it should work as long as the mobile carriers are the same.
If your phone is lost, stolen, or damaged, your provider can electronically switch your information from one SIM card to another.
Unfortunately, something that was meant to make your life easier can be used by cybercriminals to steal your personal information.
Once the information on a SIM card is swapped, calls, texts, and other data goes to the criminal's device instead of yours.
Many online accounts use multifactor authentication to confirm your identity or password recovery by sending an SMS text to a phone number on record. With SIM swapping a criminal can go to an account and reset your passwords, get the SMS to confirm their identity, leaving you helpless.
You can take several steps to prevent becoming a target of SIM swapping.
You may be a victim of SIM swapping if you lose service on your phone, both texting and calling, or if you receive a text saying your SIM card for your phone number has been changed.
If you believe you are a target, do the following immediately: