How to Avoid Scams Involving SIM Swapping and Port-Out

When attackers seize control of your cellphone number, it is known as SIM switching or SIM hijacking. They deceive your mobile service provider into porting your number to their phone.

The attacker then accesses other of your internet accounts using your phone number. In conjunction with other data they have learned about you via phishing emails, SMS two-factor authentication (2FA), or stolen information from the Dark Web, they “recover” access to accounts (such as your Gmail) using text messages.

They can then quickly get access to:

Email and bank accounts
Photos Texts
A social media profile
Accounts for cryptocurrency trade

Sim swapping and port-out fraud are two distinct issues that are sometimes confused with one another.

When a con artist switches your phone number to another service provider, it is called porting fraud.

Transferring your account to a con artist’s new SIM card is referred to as a “SIM swap.”

There are several circumstances in which you could have a good cause to ask for a second SIM. Your carrier’s support staff can translate your phone number to a new card’s Integrated Circuit Card Identifier (ICCID) in the event that your current SIM chip a malfunction or if you accidentally misplace the SIM.

Simple port-outs can be finished in a day if you’re changing carriers but staying in the same region.

How Can a SIM Swap Be Verified?

How is it so simple for a thief to switch your SIM while posing as you? Because carrier reps are simple targets for trickery, SIM swap attacks are so effective.

To transfer your number, the assailant might contact your provider’s helpline and sob bitterly over losing your SIM card. The assailant can just hang up and call another agent if they feel threatened.

Six difficulties with authentication were identified by a Princeton University empirical investigation as obstacles that attackers must overcome to perform a SIM swap:[*]

Date of birth, street address, and email address are examples of personal data.
Account details include the last four numbers of a credit or debit card, the date of activation, the amount of the most recent payment, and the date.
Information about the device: ICCID (SIM serial number), IMEI (device serial number).
Call log use details: Recently dialed numbers.
Having the PIN or password and the solutions to the security questions.
Possession: A multi-factor authentication (MFA) code delivered through SMS, email, or another method.

Five Telltale Signs of a SIM Swap Attack

Your phone will start acting weird after a SIM switch. The following are some indicators that you could be a victim:

Service alterations: The first indication that your SIM card or phone number has been activated elsewhere is when your carrier notifies you of it.
Being unable to make or receive phone calls or text messages. Your phone number is no longer functional as soon as the con artist activates your SIM on another device.
Security warnings. Another indication is getting notifications when your profile data, including passwords and security questions, changes. Unrecognized login attempts that fail are yet another sign that you’ve been hacked.
Your online carrier account cannot be accessed. You can get locked out of your carrier account by scammers. In this manner, you are unable to access your personal data, lock your phone, or make a complaint.
Using applications on your phone is not possible. Attacks using SIM swaps restrict you from accessing your mobile applications and accounts.

Erratic behavior on your social media sites. Attacks using SIM swaps frequently target people with important online profiles, such as large Twitter, LinkedIn, or Instagram followings. Social media profiles with unusual online behavior may have been hacked.

How Can Unlawful SIM Swapping Be Prevented?

Single-use passcodes for service call requests

Customers of T-Mobile must create a unique PIN between 6 and 15 digits to confirm their identity while phoning customer support.[*]

The validity of any account updates is further confirmed with the aid of these authentication codes.

NTP, or Number Transfer PIN

When a postpaid number is ported to another carrier, a Number Transfer PIN is produced.

With this kind of identification, a SIM swap or port-out request is guaranteed to be coming from a legitimate consumer.

SMS confirmation for SIM switch

Carriers like AT&T developed a risk-scoring methodology to identify consumer requests for SIM replacements and port-outs that pose a high risk.[*] A free SMS confirmation is sent by AT&T to the client requesting a SIM switch if it meets (or exceeds) certain thresholds in their risk model.

Account takeover defense

To stop SIM swaps, Verizon offers users a function called Number Lock. When you enable a Number Lock on your account, the number is immobile until the lock is turned off.

Things you can do

Install an authenticator app to enable 2FA.
To safeguard all of your online accounts, use an authentication program like Google Authenticator (or a service comparable to it).
Learn which applications and websites offer this crucial layer of authentication by browsing the 2FA Directory.
Watch out for phishing emails, messages, or calls.
Watch out for phishing emails and other methods that con artists might use to steal your info.
Never click any links in emails or texts you get from strangers. Reputable businesses won’t email you to ask for personal information (such as your credit card company or carrier).