The F.B.I. has issued a warning about the growing number of “SIM swap” scams that essentially steal someone’s cellphone number to hack their personal data.
A “SIM swap” scam occurs when a criminal acquires a mobile phone’s SIM card (aka the memory card that identifies the phone’s owner and connects the device to the mobile network) from an unknowing victim to steal personal information such as “bank accounts, virtual currency accounts, and other sensitive information,” according to the public service announcement from the FBI.
In many instances, criminals will use phishing techniques to obtain personal information about the victim, and then use it to impersonate the victim to their mobile carrier — and subsequently, switch the victim’s phone number to a different SIM card.
““Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device.””
“Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device,” the FBI explains in its PSA. “This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number.”
The FBI received 320 complaints related to SIM-swapping incidents between January 2018 and December 2020, and the adjusted losses added up to $12 million.
And the problem is getting worse. In 2021 alone, the FBI received 1,611 SIM-swapping complaints, with adjusted losses totaling more than $68 million.
So what can you do to protect your phone and your personal information from SIM swap schemes? This is what the FBI recommends.
How to protect yourself from SIM swap scams
Don’t advertise information about your financial assets, including the ownership or investment of cryptocurrency, on social media websites and forums.
Don’t share your mobile number account information over the phone to representatives that request your account password or pin. Instead, verify the call by dialing the customer service line of your mobile carrier.
Avoid posting personal information online, such as your mobile phone number, address, or other personal identifying information.
Use a variation of unique passwords to access online accounts.
Be aware of any changes in SMS-based connectivity.
Use strong multi-factor authentication methods, such as biometrics, physical security tokens or standalone authentication applications to access online accounts.
Don’t store passwords, usernames, or other information for easy login on mobile device applications.
If you suspect that you’re a victim of SIM swapping:
Contact your mobile carrier immediately to regain control of your phone number.
Access your online accounts and change your passwords.
Contact your financial institutions to place an alert on your accounts for suspicious login attempts and/or transactions.
Report information concerning all suspicious activity to your local law enforcement agency or your local FBI field office (contact information can be found at www.fbi.gov/contact-us/field-offices.)
Report the activity to the FBI’s Internet Crime Complaint Center at www.ic3.gov.