Dealing with a SIM swapping attack

SIM cards are found in most mobile devices and provide the ability to make and receive phone calls, send and receive texts and access the internet.

SIM Swapping is where a criminal is able to gain control of your mobile SIM account and transfer ownership (and the associated telephone number) to another mobile SIM card under the control of the criminal. Your phone will no longer connect to your mobile operator and you won’t be able to use your phone for calls and texts.

The aim of a SIM swapping attack is typically to use control of your number to reset passwords to your online accounts. It is common that a victim of a SIM swap attack will be subject to financial fraud such as transference of money from financial accounts (banking, bitcoin etc) as well as experiencing email and social media compromise.

We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.

How do I know if I have been the victim of a SIM swap?

The following are indicators of a SIM swap attack:

  • Sudden unexpected loss of mobile signal, for you only. Other nearby mobile users are unaffected. This results in the inability to make mobile calls and text messaging to and from your phone.

  • Notification from your mobile provider that your SIM card or phone number has been activated or migrated, without prior knowledge or agreement.

  • Inability to access online accounts. This could include bank and credit card accounts, email and social media.

  • Fraudulent bank and bitcoin transactions to unknown 3rd parties.

  • Unexpected social media activity and posts.

  • Sudden increase in phone calls or texts. This can be carried out as a distraction technique prior to the swap. It forces you to reset your mobile device providing the attacker the opportunity to carry out a SIM swap attempt.

Approaches to dealing with SIM swapping

Dealing with a SIM Swap incident can be difficult because by the time you are aware, the swap may have already taken place. The Federal Trade Commission has provided additional guidance on SIM Swapping here.

  1. Act quickly – As soon as you suspect something is wrong - act. The longer it takes to react, the potential for more impacting activity by the attacker is possible.

  2. Contact your Mobile provider – explain the situation and ensure the provider commences investigating the incident and recover your account back to your control and investigate how the swap occurred.

  3. Contact your financial organizations immediately – Advise your banks of the incident and review any unexpected transactions or access issues with them. Request a reference number for your call to them.

  4. Keep a log of your actions - note who you have contacted, when, what actions were agreed to be completed and when by. Mistakes can be made so record your actions in case of future disputes.

  5. Repeat point 2 and 3 – be sure that the incident you have raised has been correctly recorded and action is being taken – call them back and check.

Report the crime

If you are in the USA you can report a SIM swapping attack to the FBI through their IC3 reporting portal here.

If you think the criminal also has access to your information, such as your bank information or social security number, head to the Federal Trade Commissions website to file a report here.

How do SIM Swaps happen?

Below are some of the steps that an attacker will follow to complete a SIM Swap attack.

  1. The attacker collects identification and personal information about you from social media, previous data breaches and internet searches.

  2. The attacker requests your mobile provider to migrate the SIM to a new one the attacker controls or works with a criminal associate within the provider organization to achieve this.

  3. The attacker uses the personal information gained about the victim to pass any security checks requested by the mobile provider.

  4. With control of the SIM, the attacker focuses on attacking the victims banking, email, social media and other accounts by way of requesting account password resets.

  5. The account reset requests sent by SMS and email are then intercepted. Account passwords are reset, giving the attacker full access to the victim’s accounts.

How do I avoid a SIM swap in future?

SIM swapping is difficult currently to 100% protect against in the UK, partly because you are dependent upon mobile phone providers ensuring your SIM is not swapped without your knowledge.

However, there are a number of preventative measures that you can take to minimize the chances of becoming a victim of both SIM Swapping and the subsequent fraudulent activity that it tends to lead to:

  • Secure your mobile account. This is done via your mobile provider. Request a unique password and PIN be set up on your mobile account, which will be required before a SIM can be migrated. Ask your provider what other protections they have in place or can provide against this form of attack.

  • Review and remove weak SMS based security controls. Allowing web-based account passwords (email, banking, social media etc) to be reset using codes sent by SMS to your mobile device should be replaced in favor of app based authentication.

  • Apply a SIM pin and screen lock. This will help prevent SIM abuse in the event your phone is physically stolen.

  • Review your online footprint. Could personal information posted or shared on social media sites be used against you for this and other attacks? Additionally, consider what data is stored within your web-based email and storage solutions.

  • Work to improve your online security - a lot of victims of SIM swapping have had their personal data stolen through malicious software. Use sites like Security Planner and Get Safe Online to learn how to protect yourself.

Donate - Help us support other SIM swap victims

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organization, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.