SIM Swapping: New Scam Gets Around Two-Factor Authentication


If you’re careful online, you know how to set up two-factor authentication on your devices and accounts. This is supposed to protect you from scammers who want to log in to your bank account, your social media accounts, and your personal devices. However, even two-factor authentication isn’t foolproof anymore. 

There’s a new scam making the rounds called SIM swapping that allows criminals to access your phone number and intercept messages and calls meant for you. How can you prevent this before it happens? Here are our tips.

What is SIM Swapping?

SIM swapping is an underhanded tactic scammers use to steal other people’s phone numbers. They do this by purchasing a new cellphone and calling your cell provider. They pose as you, using information they’ve gleaned from your social media accounts, and claim to have a new phone they want to activate with your number.

Once the phone provider authorizes this SIM card switch, the scammer will have access to your phone number and will intercept any text messages or phone calls meant for you. The worst part is that you’ll be none the wiser: it could be hours before you realize your phone service has been cut off, especially if you get most of your messages or calls over the internet and you’re connected to Wi-Fi when the criminal strikes.

Why Do This?

So, what’s the point of SIM swapping, other than stealing someone’s phone number? Most people set up their two-factor authentication to send them a text message with their confirmation code. Once a scammer has stolen your password through a data breach or a phishing attempt, all they need is your phone number to complete their theft of your personal information.

What’s more, once they have your phone number, it’s difficult for you to reach out to your bank and cell phone provider with your now-useless phone. It’s an insidious scam that can leave you flat-footed and unable to combat a robust hacking effort.

Avoiding the Issue

You can set up a PIN with your cell phone provider that they have to hear before authorizing any remote SIM swap. Some operators won’t ask for it, though, so you need to be more careful than just adding a password to your account.

You should also opt for algorithmic two-factor authentication whenever you can. Apps like Google Authenticator generate time-based one-time passwords on your device, which is much safer than text-based options. If you use an app instead of text messaging for your authorization, the codes never travel over your phone number, so you’ll thwart any thieves before they even try stealing your number.