Protecting Your Wireless Account Against SIM Swap Fraud .
SIM swap fraud is when a scammer transfers your phone number to another device without your authorization. This allows scammers to begin receiving communications associated with your phone number, including those that may allow them to access your social media profiles, banking and other accounts. Bad actors may attempt this fraud on prepaid or post-paid wireless accounts.
How it Works
Bad actors may target people who have valuable social media or financial accounts for SIM swap fraud. To successfully commit this type of fraud, they need additional information about you, like your email, home address, and your phone number. Often, this information is available online, either through a search engine or social media. Once the fraudster has this information, they may call your wireless provider and pretend to be you in order to transfer your phone number to a new SIM card and device.
How to Protect Yourself
Wireless providers are working hard to prevent this type of fraud. Consumers can play a critical role as well by taking steps to protect your wireless account:
- Establish a PIN on your account that is required for account access and use a unique number that cannot be easily determined (that means don’t use the last four digits of your SSN, your DOB, your anniversary, etc.).
- Download your provider’s mobile app to stay up to date on security updates and alerts.
- If you stop receiving any calls or texts, and you don’t know why, contact your wireless provider immediately. Even if you don’t use your mobile device often, you should check regularly for provider and account alerts.
- Limit sharing your phone number in situations where it might be widely posted or distributed.
- Follow your provider’s security advisories and leverage tools such as multi-factor authentication.
Protecting Your Personal Information
To transfer your phone number to a new device, scammers usually need other types of personal information. The following best practices will also help protect your PINs, passwords, accounts, and personally identifiable information from fraudsters:
- Never disclose your banking or other online passwords or personal identification numbers to anyone. Even your bank will never ask for this.
- Be alert for pretexting or “phishing” attempts. If you receive a call, email or text message asking you for your social security number or a portion of your social security number, your bank account number, your driver’s license number, or other identifiers or financial details, do not provide them even if the call, email, or text appears to be from a trusted entity. Instead, contact the trusted entity directly.
- Keep personal details—such as your date of birth, your first car, or mother’s maiden name—off social media so that scammers can’t impersonate you easily.
- Don’t keep passwords or personally identifiable information in your email inbox.
- Ask your bank or financial institution to give you notice of every financial transaction through two different channels – via text message, for instance, as well as email.
- Use a separate email address for your online banking account and financial transactions from your social media accounts.
- Follow FTC guidance on preventing identity theft.
If you think your wireless account has been compromised, call your wireless provider immediately. We also recommend that you vigilantly check your accounts, including your financial information, for signs of fraud. If you see any, contact your financial institution or account manager.
What Wireless Providers are Doing
The wireless industry takes SIM swap fraud very seriously. Wireless providers are constantly improving internal processes to stay ahead of these bad actors, while protecting the rights of legitimate customers to transfer their phone number to a new device or wireless provider. While each provider’s tools and practices are different, the industry employs a variety of tactics to stop SIM swap fraud, including:
- Offering wireless account PINs and/or the ability to lock or freeze your wireless account to protect it from unauthorized access and changes
- Sending one-time passcodes via text message or email to the account phone number or the email associated with the account when changes are requested
- Providing additional security tools to further protect your account, as well as online instructional videos on how to use such tools
- Training employees to identify signs of a fraudulent SIM swap request and uses
- Leveraging technology solutions to identify and combat unauthorized SIM swaps
- Working with law enforcement to bring action against SIM swap fraudsters