A SIM swap attack, also known as a SIM intercept attack, is a form of identity theft in which an attacker convinces a cell phone carrier into switching a victim’s phone number to a new device in order to gain access to bank accounts, credit card numbers and other sensitive information. Relatively new and on the rise, SIM swap attacks are increasing in popularity due to the growing dependence on cell phone-based authentication methods.
Cell phone SIM cards are used to store information about its user and communicate with the Global System for Mobile communication (GSM). Without a SIM card, devices cannot be registered to an account, network or subscription. By compromising the SIM, this introduces a type of attack that does not affect the programming of the device at all, but rather disables it remotely without the victim’s knowledge.
The first step in a SIM swap attack is for the hacker to phish for as much information about the victim as possible. Through fraud emails, phone calls or social media accounts, hackers trick victims into revealing personal information such as legal names, birthdates, phone numbers and addresses that may be tied to account security.
After the attacker has collected enough information to fake the victim’s identity, they will call the cell phone provider to claim the original SIM card has been compromised and that they would like to activate a new one in their possession to the same account. Using the personal data previously collected, attackers can usually answer security questions without raising alarm and complete the transaction.
Once this is complete, the attacker has access to all of the victim’s text messages, phone calls and accounts that may be linked to the phone number. Since a large amount of banking, email and social media accounts can be retrieved or reset with mobile authentication, SIM swap attacks leave massive amounts of information vulnerable. If not caught early on, the attacker could potentially open new bank accounts to transfer funds in the victim’s name or lock the victim out of all accounts.
How to identify a SIM swap attack
The tell tale sign of a SIM swap attack is the discontinuation of sending or receiving text messages and calls to a device. Once the attacker has successfully redirected a phone number, the victim’s device will practically void its communication capabilities.
Cell phone users can also contact the provider to inquire if a SIM activation has been requested. Certain mobile carriers will also send an email confirmation of the SIM swap, verifying that this was made by the account holder.
How to prevent a SIM swap attack
Users can help protect cellular devices from SIM swap attacks in the following ways:
- Avoid relying on SMS for primary communication as the data is not encrypted
- Keep personal information utilized for protecting accounts private
- Verify the types of alerts set up for each account to identify false logon attempts
- Utilize the offer from every major US cell phone provider to set up an account PIN or passcode separate from the number
- Enable two-factor authentication (2FA) for social media, credit card and bank accounts
- Download authenticator apps, such as Google Authenticator and Authy, to link the physical cellular device
- Remove cell phone numbers from accounts that do not require one