Not only do we use our phones for calls, texts, and emails, they act as another layer of cybersecurity. However, some cybercriminals will target your phone to get into your critical accounts. A common threat is SIM card swap scams, and these crimes have been on the rise. 

A SIM card (for the acronym haters, SIM stands for "subscriber identity module") is a computer circuit on a card that is unique to each phone. In earlier times, we even switched SIM cards into our new phones. You can still swap SIM cards between phones on the same carrier to use them—and it is this transferability that led enterprising hackers to devise the SIM card swap scam.  

Understanding SIM card swap scams 

A SIM card swap scam occurs actually requires two scams:  

1. First, a criminal must scam your wireless carrier into transferring your number to a SIM card under their control.  

2. Once they control your phone number, the scammer uses it to help crack into your sensitive accounts, like banking, that use multi-factor authentication through SMS text message.  

The scammer can trick the mobile carrier by using your personal information. This might include your name, address, and credit card information. This data can be stolen in several ways: 

• You fell victim to a phishing attack 

• Your data was lost in a data breach and sold to the hacker 

• You posted sensitive information on social media or elsewhere online 

Once the scammer has a phone with a SIM card connected to your phone number, they can use it in tandem with other stolen information (like hacked usernames and passwords) to attempt to break into your accounts. If you have an account enabled with the type of MFA that texts a code to your phone number, the criminal would be able to overcome this layer of security by impersonating your phone number. Often, the scammer does all this to break into banking or other financial accounts.  

Red flags of SIM card swap 

There are a few big red flags that you are the victim of a SIM card swap scam: 

• You cannot make or receive calls or texts, and a wider cellular outage isn't occurring. 

• An online account is locked because of suspected unauthorized access. 

• You receive alerts through email or other means that someone is attempting to access an account, and you don't recognize the activity.  

If you suspect a SIM card swap scam, take action.   

What to do if you're targeted 

If you suspect you're being targeted or have already fallen victim to a SIM card swap scam: 

1. Contact your mobile carrier immediately.  

Report the issue and request assistance in securing your account. 

Verizon customers can dial *611 to contact Verizon even if the device's SIM card has been disconnected. Also see the company's SIM swap resource page.  

AT&T customers can 1-800-331-0500 or send a claim online.  

T-Mobile customers should call 1-800-937-8997. 

US Cellular customers should call 1-888-944-9400. 

2. Contact your bank and other financial services.  

After contacting your wireless carrier, contact your bank and alert it to the issue. You should also contact other financial companies you use, like credit card companies.  

3. Disable MFA, change passwords, then enable MFA again. 

You can refuse the SIM card swap scammer access to accounts by changing the credentials. Go into the settings of the account and disable MFA (sometimes called two-step authentication). Change your password to something long, complex, and unique. Then, importantly, turn MFA back on. If you have the option, use a form of MFA that uses a standalone app on another device. These systems are much harder for hackers to crack because you can require more identification, like a facial scan, to access the app.  

4. Monitor financial accounts.  

Keep a close eye on your bank and credit card statements for any unauthorized transactions. Turn on credit monitoring if it is available to you.

5. Report the incident to authorities.  

Report the incident to relevant authorities such as the FCC or IC3 for further investigation and guidance. 

Your phone is a security device 

You can work to avoid SIM card swap scams by adopting a few habits, like using strong passwords, thinking about what you share online, and enabling the most secure types of MFA. You should also avoid responding to any email, text, phone call, or DM that unexpectedly requests personal information. You can go a step further and set a PIN on your SIM card through your phone's settings, too. Critically, let's remember to respect our smartphones as security devices, not just a way to send emojis to our friends.