SIM card swapping is a scam where bad guys hijack your mobile phone number, giving them access to information coming to your phone number.
Secure your number to reduce SIM swap scams
It starts when bad guys find a person to target who has accounts that are accessible online. The fraudster could be interested in draining a financial account or taking over a social media account with a large following.
To do this, they take control of your phone to get past extra authentication that may be an added layer of protection for your online accounts. That’s where somebody can’t get into your account unless they can receive a one-time PIN via text or call.
The code is delivered to your phone, so the fraudsters try a “SIM swap” which lets them transfer your phone number onto their device.
If they take over the phone number, the authentication text or call comes to their device, not yours.
The measures you take to secure your phone number can be key to protecting your identity. Not all hacks are preventable, but here are a few tips to help avoid the SIM swap scam and other phone hijacking attacks.
- Secure your Cricket account PIN and Security Answer. All Cricket customers have a PIN and Security Question & Answer that is set up at the time of activation. Be sure to set up something unique and safeguard that information.
- Turn on your PIN in Cricket account using My Account or the myCricket App. When your PIN is enabled, you will have to enter it every time you make a change to your account.
- Be careful about sharing your phone number. Be selective in what number you share with the companies you do business with, and limit how often you share it with others. This includes social media, email and websites. Be selective when it comes to including the number you use to authenticate your accounts on telephone lists and directories.
- Keep your personal email inbox clean. Delete phone bills, bank statements and other emails that may include personal information. If your email account is compromised, this will help minimize the chance hackers can get sensitive information.
- Don’t share personal information online. Don’t post information on social media that could be used by the bad guys to gain access to your accounts. This includes answers to security questions, legal names and dates of birth.
- Don’t click on links from unknown sources. Bad guys will often try to mimic companies by sending an email or text message that looks to be from a familiar company. If you click on the link, you could unknowingly install bad software allowing the bad guys to gain information from your device. The link could also take you to a login page (made to look like a page of a company you do business with) asking you to log in to your account. If you enter your credentials, the bad guys now have your login.
- We will never send you a text or email asking you to confirm personal information. If you receive a request to provide personal information, do not respond. Contact us directly to confirm that the request for information is from a legitimate source.