Protect Yourself from SIM Jacking (SIM Swap Scams)

by

Most people received text messages or phone calls to verify their identity when signing in to social media, banking, and other important online accounts. But what happens if your cell phone number suddenly becomes disconnected? And what could cause that to happen?

An increasingly common technique employed by cybercriminals, known as SIM jacking, could be used to drain your bank accounts and gain access to your personal information online. SIM jacking occurs when someone contacts your cellular provider while pretending to be you in need of a replacement SIM card or phone. If the attacker is successful, your carrier will transfer your number to a new device and the attacker will have access to all your text message verification codes. Here’s what you can do to protect yourself from SIM jacking:

  • Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
  • Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
  • Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
  • Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

You can read more on the FTC’s Consumer Information website: https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself or at Wired.com: https://www.wired.com/story/sim-swap-attack-defend-phone/

How to set up a PIN or passcode on your account with your cellular provider:

On AT&T, you can set up a “wireless passcode” that’s four to eight digits long by going to your profile, then Sign-in info, then Get a new passcode. You should also add what the carrier calls “extra security,” which just means it’ll require the passcode to manage your account online or in a retail store. You can find that by going again to Sign-in info, then Wireless passcode, and checking Manage extra security.

Verizon actually requires a PIN, but to set yours up or change it, head to this site, then sign into your account. Enter the PIN of your choice twice, click Submit, and you’re done.

For T-Mobile, you have to call instead; dial 611 from your mobile phone and ask to add “Port Validation” to your account, which lets you choose a six to 15 digit PIN. On Sprint, sign into your account, click on My Sprint, then go to Profile and security. Scroll to Security information, and update your PIN there.