Q: What exactly is SIM hijacking, and how do I prevent it from happening to me?
Our smartphones have become one of the most important devices we use on a daily basis, because so much of our lives are wrapped up in them. I often refer to them as a remote control for our lives, because we can accomplish so much with them no matter where we happen to be.
This level of reliance is why a relatively simple but effective scam known as SIM swapping or SIM hijacking has been on the rise.
What is a SIM?
SIM stands for “subscriber identity module,” and it resides on a small plastic card that is installed in your smartphone.
The SIM card has a unique ID known as the IMSI (international mobile subscriber identity) that’s used to connect your device to your mobile carrier’s network and bind your device to your phone number. This information is stored and controlled by your mobile carrier for validation and billing purposes, so it’s a very important piece of information.
How the scam works
If someone can convince your mobile carrier or a third-party phone store that they are you and that they have a new SIM card that they want to activate, they can essentially take over your smartphone.
As a result of the numerous data breaches over the years that have revealed lots of very sensitive information such as your social security number and date of birth, cyber-thieves have much of what they need to convince a support person on the phone that they are you.
Once a thief gets your carrier to swap your account to the SIM they have in their possession, they can insert the newly activated SIM into any smartphone to take over your phone number. This will disable your phone altogether and give them everything they need to start taking over all your accounts by requesting password resets that will get sent to their device.
This can also be used to thwart the security provided by two-factor authentication, because the verification number is sent to your phone number, which they now control. In some cases, the thieves may even attempt to demand payment in some form of cryptocurrency for you to get your number back.
If your phone ever stops working, it may be a sign of SIM hijacking, so you should always call your carrier immediately from another phone to stop the scam as quickly as possible.
How to prevent SIM hijacking
Since it’s highly likely that the information needed to convince your carrier is circulating around the internet’s underground marketplace, you’ll need to make a change to your account with your carrier to prevent hijacking.
By default, their security may simply be the last four digits of your social security number, so you’ll want to update your account by creating a specific PIN or passcode that will be required to make any changes to your account.
Make sure you avoid using any previous PINs or passcodes, as they may also be in the stolen records from previous breaches. Most carriers offer the ability to add a PIN/passcode by dialing 611, which will connect you with the carrier’s support system.
If you’d like more details, checkout the support page for your specific carrier:
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.