Have you ever heard of SIM swapping, also known as SIM jacking?  It's a growing scam where criminals take control of your phone number by transferring it to a new SIM card.  Once they have your number, they can bypass 2FA and steal your money, lock you out of accounts, or even commit identity theft.

So, how does this scam work, and how can you protect yourself?

SIM swapping relies on a social engineering attack.  Criminals gather personal information about you, such as your address, birthday, and the last four digits of your Social Security number.  They might get this information through phishing emails, data breaches, or even by bribing someone who works at a cell phone company.  That's exactly what happened recently when a telecommunications manager was caught abusing their position to steal customer SIM cards.

The SIM card essentially acts as the identity card for your phone on the cellular network.  When the stolen SIM card is activated on another device, it takes over your phone number and receives all calls and texts originally meant for you.  The criminal uses your stolen number to bypass 2FA on your online accounts.  They can then reset passwords, access your bank accounts, and wreak havoc on your digital life.

There are several steps you can take to make SIM swapping much harder for criminals:

• If your phone company calls about transferring your number without your request, be suspicious.  Don't provide any personal information and contact your carrier directly through a verified phone number to confirm the legitimacy of the call.  Some carriers offer port protection PINs or require additional verification steps before transferring a number.
• Don't click on suspicious links or attachments in emails or text messages.  Phishing emails often try to trick you into revealing personal information.
• Choose strong, unique passwords and use security questions that aren't easily answered online.
• Consider using Two-Factor Authentication (2FA) apps like Google Authenticator or Duo Mobile that generate unique codes for each login attempt.  These are much more secure than SMS-based 2FA.
• Be mindful of how much personal information you share online. The less information available, the harder it is for criminals to impersonate you.
• Regularly Monitor Your Accounts.  Many financial institutions and email providers offer alerts for login attempts from unrecognized devices.

What to Do If You Think You've Been SIM Swapped

If you suspect you've been SIM swapped, act fast!  Contact your phone carrier immediately and report the issue.  They can help you regain control of your phone number and secure your account.  You should also change your passwords for all online accounts, especially those linked to your phone number for 2FA.