What is the SIM swap scam and how can you protect yourself against it?
SIM now cards carry most of our sensitive personal information such as social media accounts, emails, e-wallets, banking details, and more. While they typically stay housed inside our smartphones, SIM cards can still get stolen without them ever leaving your pocket through SIM swapping.
SIM swapping is a form of scam and identity theft where a criminal steals your mobile phone number and assigns it to a new SIM card. Then, they could use your number to access digital accounts linked to it and do damage.
In one recent incident that came out in a Philippine STAR column, a victim reportedly lost P1.7 million through the scam after it was triggered when she answered a phone call from a suspicious number.
The tell-tale signs
The scam starts when a criminal acquires your contact details (name, address, contact number, email, password) via phishing. Then, they will contact your mobile carrier impersonating you to report that your phone and SIM card were either lost, destroyed, or sold—this way, they can get your phone number reassigned to a new SIM.
You will then get disconnected from your SIM card and the criminals can start resetting your account passwords and control any two-factor authentication you have set up. When that happens, they can use your linked credit cards and e-wallets to spend your money.
Another tell-tale sign of a SIM swap scam is when you get a message or a call from a suspicious number asking for a one-time PIN (OTP) to confirm their bank transactions and online purchases.
If you've been SIM swapped, your phone will start behaving strangely. Calls and texts won't work, and you'll receive emails about account or password changes.
How can you protect yourself from the SIM swap scam?
To keep yourself safe from the scam, Mozilla suggests setting your online profiles to be more private. In April 2021, 500 million Facebook accounts had their data—including their names, gender, phone numbers, birth dates, location, employer, and relationship status—leaked. These data weren't collected by breaching Facebook's databases but were instead "scraped" from information that users made visible to the public.
The best way to keep your information private is to go to your Profile settings and consider setting the most sensitive of them to Friends only or to Only Me.
Globe also recommends limiting what you share on social media. Don't share screenshots of bills—especially ones that display a lot of your information.
US mobile carrier AT&T also suggests not oversharing your mobile number and using your landline number instead when you need to give your number out to businesses. And unless for business reasons, don't include your private mobile number on social media or your email signature.
In addition, changing your passwords to strong and unique ones is a good cyber hygiene practice to keep you safe from any sort of scam. If all your passwords for all your accounts are the same, a hacker will easily be able to compromise all your accounts.
Finally, never share your OTPs. Major telcos and bank companies will never ask you to send your OTP over text. If you get texts asking for that info, block the number.
In the unfortunate case that you fall victim to SIM swapping, get in touch immediately with your mobile carrier as well as credit card and bank companies.