Brought to you by Primus - a smart choice for your Internet and Home Phone services.

The SIM Swapping Scam: What It Is & How to Protect Yourself

SIM swapping is becoming a popular way of hacking into accounts. Here, we break down what it is, how it works, and how you can protect yourself.

What Is SIM Swapping?

SIM swapping involves an attacker moving a victim’s phone number from its original SIM card to one the attacker controls. It’s sometimes called the port-out scam, SIM swapping, or simjacking. There are a number of ways to do this, but usually an attacker calls the victim’s phone company and provides just enough information (such as an address, birthday, mother’s maiden name, or other information a carrier might use to identify you) to convince the carrier to switch the victim’s phone number to one the attacker controls.

Keep in mind, most times a carrier changes a phone number from one SIM to another because a person has bought a new phone and new SIM card and needs to activate it. Basically, an attacker is trying to mimic this interaction to gain access to the victim’s number.

Why Would Someone Do That?

If you have two-factor authentication (2FA) enabled using your phone number, then having access to your phone number can help an attacker break into your email, banking information, or other protected account. If they’re trying to manipulate a company into changing account information or handing it over, it can help to call from their victim’s phone number.

How Do I Know If I’m Targeted?

Most victims know they’re victims if their phone loses service. There are a number of reasons a phone might lose service (a downed tower, changed settings, missed software updates, etc.), so you’d need to verify why your service is down.

You can check to see if you’re the victim of a SIM swap by logging into your phone carrier’s site and checking to see that the SIM number associated with your account is the one on your actual SIM card. If not, you’ve been SIM swapped.

At this point, your attacker can use your number to gain access to your 2FA-protected accounts.

What Do I Do If I’m Targeted?

Step one is to call your carrier—using someone else’s phone, obviously. They should be able to stop the swap or reverse it.

Next, change any passwords you can—although this may be difficult if you aren’t logged in at the time of the attack and don’t regain access to your number.

Third, monitor your account for signs of suspicious activity.

Finally, you can report the incident to the Canadian Anti-Fraud Centre.

How Do I Protect My Phone?

Most attacks start at the carrier level. You’ll have to contact your carrier and ask for port protection. This may involve setting up additional security for your PIN in case you want to swap it yourself.

You should also avoid sharing too much information about yourself on social media. This information is one of the biggest ways attackers are able to convince carriers to carry out the SIM swap.

How Do I Protect My Accounts?

If you don’t use phone-based 2FA, then a successful SIM swap attack against you will be nearly useless. Instead, you can enable 2FA on your accounts by using an authenticator app. These apps still live on your phone, but the PIN information doesn’t travel through your carrier.

You can also consider using a password manager. If you have powerful passwords that the attacker can’t know or guess, then having your phone number for the 2FA part of the equation won’t help them gain access to your accounts.