SIM-swapping attacks might sound like one of the identity theft horror stories that only happens to people who are too careless or cavalier with their personal information, but more of us are at risk than it seems.
A recent study from Princeton found that several U.S. carriers are vulnerable to SIM-swapping attacks, and prepaid accounts are the most susceptible. Researchers signed up for ten prepaid accounts each on AT&T, T-Mobile, Tracfone, US Mobile, and Verizon. They were then able to successfully “trick” customer service reps and circumvent account security protocols to gain control of activated devices. They then remotely disabled these devices’ network access, which is how most SIM-swap attacks begin. You can read the entire paper here (via Engadget).
The results are alarming. SIM-swap attacks are one of the most dangerous forms of identity theft, and while they take time and effort to pull off, it’s apparently much easier if the target is using a prepaid account on AT&T, T-Mobile, Tracfone, US Mobile, or Verizon.
Editor's Note: While this study was based in the U.S., SIM-swap attacks can happen globally, on any network.
That said, all smartphone users on any carrier should be aware of how SIM-swap attacks work. You’ll find more information about how SIM-swap attacks are carried out and how to respond to them in our explainer, but we wanted to talk more about how to spot a SIM-swap attack in light of the Princeton study.
Spotting an attempted attack before it happens
SIM-swap attacks normally begin with an old-fashioned phishing scam. Email phishing is still surprisingly common, but hackers also use fake login pages, apps loaded with spyware or keyloggers, fake ads, and malicious message attachments to gain access to your accounts. Once they have that, all it takes is knowledge of your phone number and some personal data to execute a SIM-swap attack.
Phishing isn’t the only way to start a SIM-swap attack; hackers can get your info from leaked personal data, or even physically lift it from your devices. You should always take proper care to respond to leaks and avoid losing your device (or letting the wrong people use it).
Some early SIM-swapping attack warning signs
When you’ve been hit with a SIM-swap attack, your device will start acting up. Here are some clues that you might be the victim of this specific type of hack:
Sudden changes in service. The first sign of a SIM-swap attack is receiving notifications from your provider that your phone number or SIM card has been activated elsewhere. However, many providers have security measures in place to reduce the likelihood of a successful takeover, and they may try to confirm account changes with you before they take effect. Or at least they say they do.
Unauthorised security alerts. Similarly, if you have the proper settings enabled, you may receive notifications or email alerts that important profile data—such as passwords, pin numbers, security questions, contact info—for your service provider and other accounts has been changed or that logins were made (or attempted) from unrecognised locations or devices.
You need to respond to these alerts immediately, regardless of whether anything was successfully changed. Someone is trying to hack into your accounts and steal your identity—whether by a SIM-swap attack or some other means. The faster you catch and react to these attempted changes, the better your chances are of mitigating the hack’s severity.
Signs of a successful or ongoing SIM-swapping attack
What you’ll experience after a successful SIM-swap attack is even scarier. Once someone gains access to your phone number, they now have access to any apps, accounts, or personal data tied to it (including two-step authentication requests). From there, it’s only a matter of minutes before they’ve locked you out of everything and assumed your identity.
Here are some additional warning signs to look out for:
You cannot send or receive texts and phone calls. Once your phone number has been activated elsewhere, the device it was previously tied to becomes inert.
Someone says your social media or email has been hacked. As Matthew Miller reported on ZDNet after falling prey to a SIM-swap attack, a hacked Twitter account can be a sign of more than just poor password strength—it’s one of the easiest ways to catch a SIM-swap attack. If you’re still able to log in despite an apparent hack, change your login and contact info ASAP. Otherwise you’ll need to contact customer service.
Being unable to use any apps on your phone. If you’ve suddenly been signed out of all your apps and various other accounts and can’t log back in, that’s an obvious sign of some kind of identity theft. The severity of this depends on the affected apps and how widespread it is. If it’s just one app, it’s possible your password was changed on your behalf by the company in response to a data breach or suspicious activity. Check if you can still sign into your emails, comb through your texts, and double-check for any missed push notifications regarding password changes. However, if this is happening to several apps—or you’re experiencing any other symptoms described in this post—that’s a sign of a SIM-swap attack or some other major issue with your security.
Unauthorised bank activity. Your financial institutions will send alerts about fraud or suspicious activity—though, if your phone number and email addresses are compromised, your attacker will probably be able to intercept these before you’re aware. Still, if you are getting alerts or notice anything suspicious, contact your bank.