Con Watch: Is Your SIM Card Safe?

Don’t let a SIM card thief wipe out your bank account. Protect yourself with a few simple steps.

A woman inserting a SIM card into her iPhone.

Weekly Newsletter

The best of The Saturday Evening Post in your inbox!

SUPPORT THE POST

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

What Is a SIM Card?

A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate you on your cell phone. The SIM card is able to be transferred between different devices, and often is, such as when you get a new phone but keep the same cell phone number.

What Is the Danger?

If identity thieves take over your SIM card, they can control your email and any other accounts you access through your cell phone, such as Amazon, eBay, PayPal and Netflix. Even more worrisome, criminals can also intercept security codes sent by text message as part of dual factor authentication, which is often used to verify your identity for more secure transactions, such as online banking. The thief now has the opportunity to empty your bank accounts and cause financial havoc. They can easily reset your password on any online accounts that you have that are tied to your cell phone number. If that weren’t bad enough, they now also have access to any personal information, such calls or texts, that could potentially be used to blackmail you.

How Do They Get Your SIM Card Information?

A criminal calls your phone carrier claiming to be you and telling them your phone has been lost or damaged. Then they ask the carrier to transfer or swap your SIM card to a new phone controlled by the criminal. This is known as SIM card swapping.In another type of scam known as porting, the thief calls your carrier, saying they want to transfer the phone number to a new company.

In order for the scam to work, the identity thief needs to have personal information about you so that when they call your carrier, they can impersonate you effectively. They are quite adept at contacting victims by email or telephone and getting them to supply Social Security numbers by posing as a legitimate company or agency. Even if one is cautious about giving out personal information, it can often be bought on the Dark Web thanks to all of the recent corporate data breaches, including those at Marriott, Equifax, and Facebook.

Recently, Sydney, Australia police charged a man with involvement in a conspiracy where criminals took over the mobile phone accounts of 70 people and gained access to their bank accounts, using them to purchase more than $100,000 in goods. It was estimated that this type of crime cost Australians at least $10 million in the last year.

In February, 20-year-old college student Joel Ortiz became the first American to be convicted of crimes related to SIM swapping. Ortiz was sentenced to ten years in prison for hacking into the online Bitcoin wallets of his victims, stealing more than $5 million in Bitcoin.

How Do You Protect Yourself?

The best thing you can do to protect your SIM card from porting or swapping is to set up a PIN or password for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you.

AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card.

Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center.

T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store.

Sprint customers can establish a PIN that must be provided when doing a SIM swap.

Remember to never provide personal information in response to an email, phone call or text. You can never be sure who is really contacting you. If you think the communication might be legitimate, contact the real company or agency directly using a phone number or address that you know is accurate in order to confirm whether or not the original contact was legitimate.

These simple steps can help protect you from becoming a victim of SIM swapping.

Featured image: Shutterstock.com

Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now

Comments

  1. This is good advice for people who choose to (or have to unfortunately) use their cell phones for banking transactions, Amazon, eBay, PayPal, etc. that would require the SIM Card in the first place.

    The risks here still seem to outweigh any “convenience” here by a very wide margin. Any banking I do is with the bank directly over the phone, or at the bank in person. Amazon, eBay, PayPal transactions are done on my desktop computer only, and I’ve never had one incident of identity theft, or theft otherwise, Steve.

    I would never replace the desktop for just the iPhone; no way, no how. Same with the landline. The iPhone is great for quick texts and calls, but isn’t safe or healthy for long(er) conversations. In addition, the call is much more likely to be dropped, and zaps the phone of energy.

    You always have to be on your guard with technology, but using the desktop computer for certain things, and the cell phone for other things is a good ‘ying and yang’ compromise. Then there’s the overlap of the things you can do on either without worry.

    I know a few people at work that are 100% reliant now on just the cell phone. Just last night a co-worker told me her debit card info info was stolen, and she had a $62 bill from Lyft that was not hers. I told her to call the bank immediately to report it, she did, but now has to have that card cancelled and replaced. It’s put her in a real bind!

    Whatever promise of ease and convenience is being made for YOU, is also making it easy for hackers/thieves to STEAL from you too. It’s not worth the risk to me, at all. If it is for other people, go for it with my blessing.

Your email address will not be published. Required fields are marked *