According to the Pew Research Center, almost all American adults (97%) own a cell phone. While that statistic isn’t surprising, it does show how many of us are susceptible to a dangerous scam: SIM swapping.
SIM Swapping: What You Need To Know
In this article, I’ll explain what SIM swapping is and what phone carriers are doing about the issue. I’ll also share some tips on how you can stay safe.
Table of Contents:
- What Is SIM Swapping?
- How To Prevent Sim Swapping With Your Cell Phone Carrier
- Additional Tips To Prevent This Scam From Happening to You
What Is SIM Swapping?
SIM swapping, or a SIM swap scam, happens when a crook is able to take control of the personal information stored on your SIM card by accessing it from another phone.
According to the Federal Trade Commission (FTC), a successful SIM swap can occur if a scammer impersonates you and contacts your phone service provider with a bogus story.
According to the FTC’s website, “They may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone — a phone they own.”
Once scammers successfully take over your phone, they can access your bank account, social media accounts, email account and more. How? While two-factor authentication is typically a decent form of protection, the scammer now has access to your phone number and email. That means they have access to any codes sent through an email or text message.
What Cell Phone Carriers Are Doing To Prevent SIM Card Swapping
You may be wondering what popular wireless carriers are doing about SIM swapping. I reached out to them to find out the latest procedures and protocols they have put in place to counteract SIM swap scams.
Verizon said it has put several security enhancements in place to prevent SIM swapping.
“Verizon requires customers to complete enhanced authentication steps to perform a SIM card change or device change request,” a spokesperson told Team Clark. Those steps include:
- Two-Factor Authentication: Customers are encouraged to set up two-factor authentication inside the free My Verizon app (Android or iOS).
- Number Lock: “Customers have the option to enable a Number Lock that will prevent their number from being Ported Out to another carrier without first removing the Number Lock.” You can request a Number Lock by calling Verizon Customer Service (*611) from your mobile phone or in the My Verizon App (Tap Settings > Number Lock > Choose number).
- Number Transfer PIN: “Verizon consumer accounts now require a dedicated six-digit PIN to port a line to a new service provider,” the spokesperson said. “With Number Transfer PIN, the necessary port-out code is only revealed once a customer successfully confirms their identity, reducing the risk of unauthorized porting.”
You can learn more about SIM swapping and how Verizon recommends protecting yourself against the scam online.
A T-Mobile spokesperson told Team Clark that when it comes to the SIM swap scam, the company offers its customers “several safeguards to help protect against this crime.”
The company allows its subscribers to set up PINs (personal identification numbers) that they need to log into their accounts. “T-Mobile accounts must have a 6-15 digit PIN, and a customer’s number cannot be ported without verification of that PIN,” the spokesperson said.
The wireless provider also offers Account Takeover Protection to stop bad actors from getting control of user accounts. Account Takeover Protection blocks unauthorized users from transferring your phone line to another wireless carrier.
Last year, T-Mobile also launched a SIM protection service that allows customers to put a block on individual lines or entire accounts to prevent the SIM from being changed.
You can read more about T-Mobile’s phone protection measures on the carrier’s website.
When asked about SIM swapping, an AT&T spokesperson forwarded me the following statement:
“We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime. We have security measures in place to defeat fraudulent SIM swaps. However, recent high-profile cases reinforce the importance of businesses and consumers taking steps to protect against SIM swap fraud, such as not using mobile phone numbers as the single source of security and authentication.”
To get a better idea of how MVNOs protect against SIM swapping scams, we reached out to several providers.
Dish (Boost Mobile, Ting Mobile, Republic Wireless, Gen Mobile)
“The two ways that most of them are protecting against it is through an account access PIN or a PIN transfer, and then you have your representatives,” they said. “As long as reps are following the procedures, [scammers] shouldn’t be able to swap unless they have just a ton of information on the person.”
They went on to explain that while carriers have different versions of PINs, the purpose is the same: whoever might call in to try and swap a SIM would have to have that PIN in order to do it.
As long as customer service representatives are following procedures, scammers would need a lot of personal information, in addition to which phone service provider you’re with and your phone number, to obtain a new SIM card. Unfortunately, through hacking other companies and businesses, scammers may be able to obtain enough information to impersonate you when contacting your phone service provider. While these types of hacks aren’t common, they do happen.
“So really what we advise customers to do: They need to set up that PIN,” the spokesperson said. “Then, if they feel like there’s been any compromise in information, always just call in and check. Customers can change their PIN or put holds on their accounts. If they’ve had like a wallet stolen or any sort of identity theft or something of that nature, they can take that extra step and change those things.”
TracFone (Simple Mobile, Straight Talk, SafeLink)
“SIM swapping fraud and other related fraud are issues that affect the entire industry. That’s why we work with others in the industry, CTIA (wireless trade association) and law enforcement to address these problems as they arise. Stopping these fraudulent activities is as important to TracFone Wireless, Inc. as it is to our customers.”
On its website, TracFone says it has recently added some security enhancements in light of some fraudulent activity discovered on customer accounts.
In a message to its customers, TracFone says: “Since uncovering this fraudulent activity, we have made enhancements to improve the security of your mobile account. For example, when a request to transfer a number is made, we will send a text message notification to your device to alert you to the request. This message will include the number you should call if you did not authorize the transfer. Additionally, we will also send you a text message containing a unique code (a “Number Transfer PIN” or “Port PIN”) that must be provided to the new carrier before a transfer can be completed. This code should only be provided to your new carrier when you are making your transfer request. We will never call you and ask you for this code.”
A spokesperson from Consumer Cellular sent Team Clark the following statement:
“Consumer Cellular takes advanced measures to protect consumers against SIM Swap Scams. The company requires a port out PIN to transfer a number to another service and also has security in place to protect SIM cards that have been purchased in retail and eSIM cards. Consumer Cellular is working on adding more security features and bolstering internal processes to combat this criminal activity.”
I received a similar statement from Twigby:
“For this particular topic, we don’t comment on security procedures to prevent unauthorized use. We feel that it opens up letting possible threats understand all the steps required to overcome. With this, we have multiple levels of account security information and internal reviews that occur prior to SIM replacements. For the protection of the customer and our ongoing procedures, this is why the depth of these details are not publicly shared.”
I also reached out to Mint Mobile, Tello Mobile, Cricket Wireless and Visible Wireless about their plans for curtailing SIM swapping but did not hear back.
Additional Tips To Prevent This Scam From Happening to You
SIM swapping is a serious problem that can end up plunging its victims into financial ruin. To safeguard yourself against SIM swapping scams, follow these steps from the phone carriers:
Get a Strange Notification? Do Not Reply
Never respond to a text message, email or phone call from someone you don’t know.
For example, a scammer who has swapped your SIM card may send a notification to your phone asking you to verify some of your personal information. Do not reply.
Use Your Device’s Advanced Security
Many phones today allow you to set up advanced security, including biometric authentication, to keep your information secure. Some of the most common advanced security methods are:
- Fingerprint ID: As its name implies, you can restrict access to your phone by allowing it to use your thumb or fingertip to authenticate your identity.
- Facial recognition: Many Android phones have facial biometric ID features while some iPhone models have Face ID.
Try an Authentication App
For added protection, you might consider using an authentication app to keep access to your phone locked. I use a free authentication app from Microsoft on my phone (Android or iOS) to protect sensitive information. Every 30 seconds it generates a security key that I need to enter to gain access to my device.
Set Up a PIN
One of the most common ways that phone service providers are combatting SIM Swap scams is through a PIN.
Many providers, including Dish, require you to set up a PIN now when you create your account. However, if it’s just optional, it’s worth taking the time to set up.
Scammers will need a lot of personal information to be able to impersonate you, but having a personalized PIN is a great additional layer of protection.
Ask About Additional Authentication Options
While this may not work with every bank or institution, check to see if your sensitive accounts offer more than simple two-factor authentication.
Some companies allow you to request an additional check before something is changed or transferred. You may be able to opt in to an additional email notifications or even a direct phone call before sensitive account information is accessed or updated.
While this option isn’t widely used because it adds more cost to a company’s bottom line, it never hurts to ask if your bank or other accounts offer an additional authentication option.
Consider an eSIM Device
While the percentage of wireless users affected by SIM swap scams is relatively low, there’s no harm in taking any additional measure you can. Fortunately, the rising popularity of eSIM-capable devices and providers offers an additional layer of protection.
eSIMs are actually a lot more common outside of the United States, but they’ll likely become the default everywhere in the years to come. In fact, the new iPhone 14 Series doesn’t have a physical SIM slot at all.
This transition will also make the use of SIM technology safer. With eSIMs, scammers aren’t able to just pull a SIM out and swap it quite as easily. Instead, your SIM is assigned to your device, which provides a little bit more protection.