Sim Swapping is a social engineering hack where scammers and fraudsters steal your phone number without ever touching your phone.
There are a couple of ways they can do this.
- The scammers trick your phone provider into thinking that they are the rightful owner who’s lost the phone and need to transfer service to a new device; or
- Occasionally it’s the phone employee that helps the scammer perpetrate the switch.
No matter what, once your phone number has been stolen (Sim-Swapped), your text messages and 2-factor authentication starts going to the scammer. It provides a gateway for access to your email, online banking and cryptocurrency accounts because all calls and text messages made to your phone number to verify your identify are now going to the scammer.
Here are some things you can do to help protect yourself from a SIM card swap attack:
- Contact your wireless provider if you notice you aren’t receiving text messages or calls. This could be an indication that your phone number has been compromised. It’s a good idea to regularly check for updates and alters from your provider.
- Never disclose your banking or other online passwords or personal identification numbers to anyone. Banks, social security and other institutions will never ask for this information.
- Don't reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts, driver’s license number. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
- Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites, and don’t share other information such as your mother’s maiden name, date of birth, or first car on social media. An identity thief could find that information and use it to answer the security questions required to verify your identity and login to your accounts.
- Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider's website for information on how to do this. Make it unique so it can’t be easily identified (e.g., do not use the last for digits of your SSN, DOB, anniversary, etc.)
- Contact your bank or financial institution and request that they provide you notice of every financial transaction through two different channels. (e.g., both via text message and email).
- Use a separate email address for your online banking account and financial transactions from your social media accounts.
- Consider using stronger authentication on accounts with sensitive person or financial information. If you do use multi-factor authentication, (MFA), keep in mind that text message verification may not stop a SIM card swap. If you are concerned about SIM card swapping, use an authentication app or a security key.
Source: The Federal Trade Commission
Follow FTC guidance on preventing identity theft.
See CTIA’s Protecting Your Data on Your Mobile Device
Follow your carrier’s security advisories and leverage their available tools such as credential “vaults” that manage PINs/passwords to facilitate account access.
Share these tips with friends, family and, colleagues.
If you believe your wireless account has been hacked, notify your provider immediately. It is highly recommended that you check your accounts, including your financial information, for signs of fraud. If you see any, contact your financial institution immediately.
IDENTITY THEFT PROTECTION FOR WFA CLIENTS
WFA has joined iLOCK360 to offer Plus or Premium protection plans at a discounted price to WFA Clients. Learn more about iLOCK360 by going to the iLOCK360 website at: https://www.ilock360.com/. Contact your Advisor to obtain the coupon code to receive the discounted price.