Sim swapping - how to protect yourself and your online accounts

Sim Swapping Article Header
For financial professionals only

Imagine you go to make a phone call and you notice your phone has no signal. Maybe you try to send a text message, but it’s undeliverable and you can’t receive text messages either. Or you’ve no longer got access to your online accounts. If this happens to you, it’s likely you’ve become victim to sim swapping.

What is sim swapping?

Sim swapping is when an attacker takes control of your phone number by porting your number to a new sim, owned by the attacker. This means any calls or texts to your number go through to the attacker’s device, not yours. 

If you use SMS based multi-factor authentication (MFA) to access your accounts, the attacker will receive any codes or password reset links sent to that phone number and will be able to gain access to your accounts instead. 

Signs that your sim has been swapped

A lot of financial platforms and social media accounts provide SMS based authentication so if your sim is swapped, you may find money being transferred out of your bank account or your friends may notice that your social media profile is being used to post or message your contacts about scams.

In January, the US Securities and Exchange Commission (SEC) fell victim to a sim swap attack after their X (formerly Twitter) account was hacked and used to post that the SEC had approved bitcoin ETFs (exchange-traded funds), causing a momentary spike in the bitcoin price.

This type of attack can causes distress and disruption, so you must act quickly to regain control of your number and accounts.

How do attackers get control of phone numbers?

The attacker typically starts by gathering information about their target, either through trawling social media accounts (e.g., LinkedIn), via phishing attacks or purchasing information on the dark web. 

They then use this information to trick phone providers into thinking the victims lost their device and needs to activate a new sim.

As well as tricking the phone provider agent, cyber criminals may hijack accounts belonging to employees or contractors at the phone provider itself, exploit unpatched vulnerabilities in the their systems or pay an insider to provide this information.

These attacks are easy for cyber criminals and hard for victims to stop. 

Phone providers are becoming more aware of these types of attacks and have mitigations in place, but unfortunately attackers are good at manipulating people and there will always be attempts that fall through the net.

If you notice anything strange with your phone, act fast

Most people will only notice they’ve become a victim of sim swapping when they try to use their phone and it stops working or money is transferred out of their bank account. So if you notice any unusual activity or a sudden loss in network connectivity, contact your mobile provider immediately so they can take preventative measures to secure your account.

How can I protect myself from sim swapping?

  • Avoid SMS as an MFA tool and opt for authentication apps instead
  • Be wary of phishing emails or calls requesting your personal information
  • Be sensible with the information you post online, either through social media or on your company website
  • Boost your account security by setting strong and unique passwords, and use security questions that only you know the answer to
  • Keep track of your information on the dark web - sign up to haveibeenpwned.com to be notified when your information is sold online

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.

Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.