Key takeaways

  • A SIM swap attack is a fraud where scammers hijack your phone number by deceiving mobile carriers. Using your number, they can reset your passwords and receive two-factor authentication (2FA) codes.
  • Attackers gather personal details using social engineering techniques, data breaches and phishing tactics. They use this information to convince carriers to transfer a victim’s SIM to their own device.
  • SIM swap attacks can be detected by signs like inability to use your phone, unexpected account alerts, loss of access to accounts and unauthorized transactions.
  • Protect yourself by securing accounts with biometrics, using unique passwords, setting SIM PINs and being cautious about sharing personal information. 

Can you think of a scenario when your phone number goes out of your control? Though the device is in your hands, you find yourself unable to make or receive calls or messages. Worse, you can’t access your bank and crypto exchange accounts, only to find out later that all your money has been stolen by someone who has hijacked your SIM card.

A SIM swap attack is exactly what this nightmarish situation entails. In this fraud, scammers deceive mobile carriers into moving your number to a new SIM card under their control. They then get into your accounts, reset passwords and obtain two-factor authentication (2FA) codes using your phone number.

This article explains what a SIM swap attack is and how it works, how hackers obtain information from the victim, examples of SIM swap attacks, what to do if you are a victim of a SIM swap scam, and how to guard against SIM swap scams.

What is a SIM card?

A SIM (Subscriber Identity Module) card is a detachable component used in most cell phones. Provided by your mobile carrier, such as Verizon or AT&T, it links you and your phone number to the phone it is inserted in.

You can physically remove the SIM card and insert it into another phone, transferring the number and account details. You may also transfer the data associated with one SIM card to a different SIM card in another device.

SIM swap attack: What is it, and how does it work?

A SIM swap attack is a kind of cyberattack where attackers take control of your phone number to access your crypto and other personal information. Here’s how the scam works:

  • Step 1: The attackers use social media and phishing tricks to collect data on victims.
  • Step 2: The attackers get in touch with your mobile carrier, posing as you, and typically claim that “your” SIM card has been lost, stolen or damaged. 
  • Step 3: The scammers provide your personal information to the carrier for identity verification, convincing them to transfer your phone number to a different SIM card.
  • Step 4: Once the carrier transfers the SIM card, all your calls, SMSs and verification codes get transferred to the SIM card present in the attacker’s device.

How a SIM swap scam works

Did you know? In January 2024, United States resident Noah Michael Urban was indicted for stealing over $800,000 in cryptocurrency through SIM swapping. Additionally, a group of three individuals was charged with running a SIM-swapping operation that stole over $400 million in digital currency.

How do hackers obtain information from the victim?

To obtain the information they require from you, fraudsters use a technique called social engineering.

Hackers may obtain personal information through various means, including data brokers, data breaches and spyware. They may also use a phishing tactic called smishing, which involves them sending fraudulent SMSs to the victim under the guise of reputable companies to gather information.

In some cases, the attackers may have an insider at the carrier who they can call and ask to transfer the data once they have the other information they may require. 

Each phone carrier has different guidelines on what is required to transfer a SIM to a new phone. Attackers may usually target the information below, as it would be helpful in convincing the carrier to facilitate the transfer of the SIM card:

  • Account credentials: Passwords, PINs and security question answers.
  • One-time passcodes (OTPs): These are highly sensitive and should be kept confidential.
  • Financial information: Credit card details, including the last four digits, expiration date and the security code.
  • Device information: Unique identifiers like the IMEI (International Mobile Equipment Identity) of your phone and the ICCID of your SIM card.
  • Personal information: Billing address, full name, date of birth and email address.
  • Call logs: Recent call history, including numbers dialed and call recipients.

Examples of a SIM swap attack

Here are a few crypto-related examples of SIM swap attacks, which will help you understand how these attacks happen:

SEC’s X account attack

On Jan. 9, 2024, the US Securities and Exchange Commission announced on X the approval of a spot Bitcoin exchange-traded fund (ETF), causing Bitcoin’s (BTC) price to spike by roughly 10%. 

But the post was quickly deleted, with the SEC clarifying that its account had been compromised. X later clarified the incident stemmed from unauthorized access to a phone number linked to @SECGov, not a platform breach.

The SEC also confirmed that 2FA was not active on the account: X support had turned it off in July 2023 to resolve login issues, and it had never been reenabled.

The tweet after the SEC's X account was compromised to push up Bitcoin's price

Michael Terpin attack

In 2018, well-known cryptocurrency investor Michael Terpin became the target of a SIM swap attack. Attackers took over his phone number, which gave them access to his cryptocurrency wallets. Terpin ended up losing around $24 million.

He later filed a negligence lawsuit against AT&T, his mobile carrier, for allegedly failing to stop the attack, but the judge ruled in favor of the telecommunications giant.

Joel Ortiz’ SIM swap attacks

In 2018, college student Joel Ortiz was jailed for planning multiple SIM swap attacks that resulted in the crypto theft of over $7.5 million from scores of people. 

He, along with his associates, used SIM swap attacks to get around 2FA and access the victims’ cryptocurrency wallets. He was sentenced to 10 years in prison, making him one of the first significant prosecutions for SIM swap crypto theft.

Did you know? A 42-year-old New Jersey man, Jonathan Katz, pleaded guilty to helping hackers conduct SIM swap attacks in exchange for Bitcoin. Katz, a telecommunications employee, abused his access to company systems to assist in these attacks between May 11 and 19, 2021.

Why do you need to be so careful about SIM swap attacks?

Mobile phones are now so closely tied to daily life that a SIM swap attack can seriously disrupt it. It is not just inconvenient but may put you at financial risk if your accounts use 2FA codes sent to your phone number.

If a fraudster has your username and password for a cryptocurrency account, they may still be unable to log in to your account and escape with your money if you use 2FA. However, if a hacker has taken control of your phone number, they’ll be able to get the verification codes, which they can use to manipulate your account and siphon off your money. 

Fraudsters could also use their access to a phone number to reset a password and block your access to your accounts. To cover their tracks, the fraudsters could channel the money through other accounts using methods like coin mixing.

Signs of a SIM swap attack

Knowing the clear indicators of a SIM swap attack can help you identify it early on and possibly limit the harm:

  • Inability to send texts or make calls: If you are unable to access mobile data, send texts, or make calls, it indicates a network problem. A SIM swap may have taken place, moving your phone number and service to the fraudster’s handset. But failure to send texts or make calls may also indicate a service interruption, so it is helpful to ask a few people using the same carrier if they are also facing the same problems.
  • Alerts regarding activity on other devices: Carriers usually send out alerts if there is unexpected account activity. A SIM swap may be underway or have already occurred if you are getting alerts about questionable activity on your accounts or a communication from your carrier concerning the activation of a new device.
  • Failure to access accounts: By altering your passwords, SIM swap cybercriminals may lock you out of your own accounts. After several suspicious login attempts, some accounts may automatically block access for everyone, including you. You need to take immediate action to secure your accounts, as losing access to them is a clear indication that they may have been compromised.
  • Unauthorized transactions: If your bank or exchange communicates to you any transactions you haven’t made, it indicates fraud. If transactions are preceded by your inability to use the SIM card or access your accounts, it suggests a SIM-swapping scam. 
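The correlation described in the last sign (account events that follow a loss of service or a carrier alert) can be expressed as a simple timeline check. This is an added example, not part of the original article; the signal names, the 24-hour window and the sample timelines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Signal names are assumptions for this example, mapped to the signs above.
PRECURSORS = {"service_loss", "new_device_alert"}   # the number may have moved
FOLLOW_ONS = {"account_lockout", "password_reset", "unauthorized_transaction"}

def correlate(events, window=timedelta(hours=24)):
    """Return follow-on events seen within `window` after a precursor.

    events: iterable of (iso_timestamp, signal, detail) tuples in any order.
    """
    timeline = sorted((datetime.fromisoformat(ts), sig, detail)
                      for ts, sig, detail in events)
    findings, precursor = [], None
    for when, signal, detail in timeline:
        if signal in PRECURSORS:
            precursor = (when, signal)          # remember the most recent one
        elif signal in FOLLOW_ONS and precursor:
            gap = when - precursor[0]
            if gap <= window:
                findings.append({"signal": signal, "detail": detail,
                                 "precursor": precursor[1],
                                 "minutes_after": int(gap.total_seconds() // 60)})
    return findings

def assess(events, window=timedelta(hours=24)):
    """Grade a timeline: an outage alone is not evidence of a SIM swap."""
    kinds = {f["signal"] for f in correlate(events, window)}
    if "unauthorized_transaction" in kinds or len(kinds) >= 2:
        return "likely_sim_swap"
    return "suspicious" if kinds else "no_correlation"

# Constructed sample timelines (not real incident data).
SAMPLE = [
    ("2024-03-01T09:00:00", "service_loss", "no signal on handset"),
    ("2024-03-01T09:05:00", "new_device_alert", "carrier: new device activated"),
    ("2024-03-01T09:40:00", "password_reset", "exchange account"),
    ("2024-03-01T10:15:00", "unauthorized_transaction", "exchange withdrawal"),
]
OUTAGE_ONLY = [("2024-03-02T08:00:00", "service_loss", "no signal on handset")]

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
    print(assess(SAMPLE), assess(OUTAGE_ONLY))
```

A service outage with no follow-on account activity grades as no correlation, matching the point above that failed calls and texts can also be an ordinary service interruption.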

Did you know? The US Federal Communications Commission (FCC) introduced new regulations in November 2023 to protect consumers from SIM swap attacks. Mobile carriers must now implement stronger authentication measures before transferring phone numbers.

What to do if you are a victim of a SIM swap scam

To limit further harm, act quickly after a SIM swap attack to take back control of your cell service and financial accounts:

Contact your carrier

If your SIM has been swapped, contact your phone carrier immediately. Your provider can stop the scam by preventing the attacker from accessing your mobile network. Here is how you can get the latest information about the carriers’ possible support in the US and contact them:

Protect your financial accounts

Notify your bank or exchange right away and take any necessary steps to protect yourself against any further damage. You may request them to temporarily freeze your accounts. Start the dispute procedure to cancel or, if feasible, reimburse any unlawful transactions that have taken place.

Reset your passwords and turn off 2FA

If you’ve still got access to your account, turn off 2FA and create a new, secure password to make sure the fraudster can no longer access your calls or messages. Connect your account to another SIM card and reenable 2FA. 

Turn on security features and alerts to help identify and stop future SIM swap attempts. For instance, on Binance, you can manage 2FA with passkeys and biometrics, an authenticator app, email and phone number, turning it on and off at will.

Manage 2FA on Binance

Did you know? A SIM swap attack on Bankers Life and Washington National Insurance compromised the data of over 66,000 customers in November 2023, according to Hackread.

How to guard against SIM swap scams

There are certain precautions that can help you stop SIM swap attacks:

  • Use eSIMs: eSIMs are digital SIM cards embedded into devices like smartphones and smartwatches. Unlike physical SIM cards, eSIMs cannot be lost or stolen, offering enhanced security.
  • Never share personal information publicly: Scammers often obtain information about their victims on social media. Refrain from giving personal information that could be used to impersonate you online, such as your address, phone number or birthdate.
  • Disregard unsolicited requests for personal data: No reputable organization will ever get in touch with you to request personal information. Scammers may pose as banks, government agencies or service providers to get the information they need to breach security. 
  • Use antivirus software: When downloading files, use antivirus software to scan them for malware before opening. Scan your entire computer regularly for any malicious files. Running regular scans is a proactive measure that helps detect malware early.
  • Use biometric authentication or an authenticator app: For accounts and apps, use biometric authentication, such as Face ID, or an authenticator app as a safer alternative to SMS-based 2FA. Another key step to enhance security is to create complex, one-of-a-kind passwords with a password manager.
  • Configure SIM PINs: You may either set a password in your phone’s settings or change the default SIM PIN. Some carriers may offer a Number Transfer PIN that must be supplied whenever a SIM swap is requested, keeping your number out of the hacker’s reach.

How SIM swap attacks may evolve

As more stringent security measures are applied to prevent SIM swap attacks, scammers are also likely to learn sophisticated techniques to get through with their schemes. 

They may apply novel social engineering techniques to directly target telecom workers or extract information from SIM card users. They may also find alternative ways to intercept codes to get around 2FA.

Telecom operators have an essential role to play in defending against SIM swap attacks. They can develop cutting-edge security features, such as specialized SIM swap PINs that are delivered to physical addresses, and enforce stricter identity verification processes.

By remaining vigilant, telecom carriers can hinder attackers’ ability to take advantage of SIM-related vulnerabilities.