The Danger of SIM Swapping
A few months ago, I saw someone on Twitter talk about the time he experienced SIM swapping on his iPhone. He ended up losing access to his Apple account, but did get his cell phone number back.
Let me explain more…
What is a SIM card?
SIM stands for “subscriber identity module.” This is the small chip card in your phone that connects it to your cell phone service network. Although, some phones have eSIMs, which are not physical cards. The SIM card is what connects your phone number to your phone. Without it, you can’t make or receive phone calls or text messages, nor can you use the internet when you’re not connected to Wi-Fi.
What is SIM swapping?
SIM swapping is an attack when someone takes control of your cell phone number and account. This usually doesn’t involve physically stealing your phone or the SIM card inside. Instead, the thief gathers personal information about you and contacts your cell phone provider. The thief uses your personal information to impersonate you and trick your cell phone provider into giving them control.
What happens during and after a SIM swap?
The first sign that your SIM card has been swapped is that you are no longer able to get phone calls or texts. Your cell provider may also send you emails notifying you of a change to your account. For Apple accounts, your trusted number may be changed without your permission. For Google accounts, the associated phone number may be switched.
The real danger of SIM swapping is the loss of your cell phone number. Your number is an important piece of information. How many times have you logged into an important app or website – especially something related to banking or finances – and had to get a security code sent to you by text message? When someone can steal these security codes, they can access a lot of things that are critically important.
How do you prevent a SIM swap?
There are many steps you can take.
Consider putting a lock code on your SIM card. This is a PIN that’s a lot like one used to unlock a phone screen. After a SIM card has a lock code, you will have to enter it every time you restart your phone or when you insert the card into a new phone.
Keep an eye out for any suspicious text messages or emails, especially those that contain links to websites. These messages could be sent by thieves who want to direct you to a website that is a front for stealing your information.
Avoid using your cell phone number for security purposes. Whenever possible, avoid using security codes sent over text or security calls sent to your cell phone number. Instead, use authenticator apps like Google Authenticator or Microsoft Authenticator. Another option are security keys, a little device that you can insert into your phone or connect wirelessly. (If you have an iPhone, security keys are your only option for protecting your Apple account. Authenticator apps won’t work with your Apple ID.)
But if security keys or authenticator apps are not an option, you can always get a second phone number. You don’t have to get a second phone to do this. You can use a service like Google Voice.