Our cell phones are our go-to for entertainment, fitness apps, checking email, paying bills, and posting to social media. What would we do without them! Now imagine that your cell phone suddenly stops working: no data, no text messages, no phone calls. Then comes a startling notification from your cellular provider that your SIM card has been activated on a new device. The Federal Trade Commission cautions these could be signs that a scammer has pulled a SIM card swap to hijack your cell phone number.
The FTC says scammers may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone — a phone they own. If your provider believes this sham and activates the new SIM card, the scammer — not you — will get all your text messages, calls and data on the new phone.
The scammer — who now has control of your number — could open new cellular accounts in your name or buy new phones using your information. Scammers could log in to your accounts that use text messages as a form of multi-factor authentication because they can get a text message with the verification code they need to log in.
Armed with your log in credentials, scammers could log in to your bank account and steal your money, or take over your email or social media accounts. They could change passwords and lock you out of your accounts.
Protect yourself from a SIM card swap attack with these tips from the FTC:
-- Use multi-factor authentication (MFA) which provides extra account protection by requiring two or more credentials to log in. In addition to your password, you will need a second credential to verify your identity. That could be something you have — like a passcode you get via text message, a security key, or an authentication app or by biometric verification — a scan of your fingerprint, retina, or face. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you are concerned about SIM card swapping, use an authentication app or a security key.
-- Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers seeking personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
-- Limit the personal information you share online. Avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
-- Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Some cellular service providers now require a PIN to make changes to an account. Check your provider’s website for information on how to do this.
-- Consider using stronger authentication on accounts with sensitive personal or financial information.
If you are the target of a SIM swap scam:
-- Contact your cellular service provider immediately to take back control of your phone number. After you re-gain access to your phone number, change your account passwords.
-- Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.
-- If you think a scammer has your information — like your Social Security, credit card, or bank account number — go to IdentityTheft.gov and follow the steps to report and recover from identity theft.
Go to the FTC website to find out what else you can do to protect the personal information on your phone and how to keep your personal information secure online.