Thieves are motivated to find ways to steal your phone number – with SIM swap scams. What is a SIM swap? It is a form of social engineering that allows a scammer to take control of someone else’s number. They don’t have to physically have your phone.
What You Should Know About SIM Swap Scams
First, thieves target a person with valuable online accounts. These could include a financial account with a lot of money or a social media account with a large following.
If you become a target, a thief gathers information about you like email, home address, and phone numbers. They may try to trick you into revealing information about yourself through phishing or social engineering. But they often get the information with a few simple internet searches or from social media.
Once he has the information, the thief may call your phone carrier, pretending to be you, and attempt a “SIM swap.” He will convince your mobile service provider to replace the SIM card in your phone with one in his possession. If successful, the mobile network will start sending calls and texts to the new SIM card – which is really the bad guy’s phone.
This will deactivate your phone, and the bad guy will start getting your calls and texts on his device, including authentication texts, one-time PINs or phone responses. This means the thief may be able to gain access to your financial or social media accounts.
How Cricket is Helping
The thieves constantly change their tactics. We are continually looking for ways to enhance safety measures, such as:
- Building tools to make it harder for someone to pretend to be you
- Developing enhanced authentication methods to help stop fraudulent activity
- Training employees and customers to recognize impersonation attempts better
- Expanding fraud detection and support
- Applying advanced technology to detect and stop suspected unauthorized SIM swaps
What You Can Do
These scams could happen to anyone. Here are a few tips to help avoid having your number taken over:
- Don't share personal information online. Don't post, or at least carefully limit, information on social media that a thief could use to gain access to your accounts or convince someone he is you. This includes legal names, birth dates and information that could be an answer to a security question, such as a pet's name, your best friend or high school mascot.
- Keep your personal email inbox clean. Delete phone bills, bank statements and other emails that may include personal information. Don't store passwords, passcodes or pins in unencrypted or unsecured email accounts. This will help reduce the risk of your sensitive information falling into the wrong hands.
- Change your account PIN and online password on a regular basis and don’t share it with other users.
If you believe your SIM card has been swapped without your consent, report it to your carrier right away. Also, contact your financial institutions and email provider to protect your accounts.
Review our Fraud Protection page for more information about how you can protect yourself online.