A SIM card is a small chip in your phone that acts as the connection between your account and your phone. Your phone uses a SIM card to connect with the mobile network. Through the SIM connection, your mobile service provider links the phone to your number and account. 

Thieves are motivated to find ways to steal your phone number. And they don’t have to physically have your phone.

First, they target a person with valuable online accounts. These could include a financial account or a social media account with a large following.

sim_swap_1.jpg
sim_swap_2.jpg

If you become a target, a thief gathers information about you like email, home address and phone numbers. They may try to trick you into revealing information about yourself through phishing or social engineering. But they often get the information with a few simple internet searches or from social media.

Once he has the information, the thief may call your phone carrier, pretending to be you, and attempt a “SIM swap.” He may convince your mobile service provider to link your mobile service with the SIM card of a mobile phone in the thief’s possession. If successful, the mobile network will start sending calls and texts to the new SIM card – which is really the thief’s phone.

This will deactivate your phone, and the thief will start getting your calls and texts on his device, including authentication texts, one-time PINs or phone responses. This means the thief may be able to gain access to your financial or social media accounts.

What AT&T is doing

We are working hard with other major phone carriers and business partners to help prevent unauthorized SIM swaps. However, the thieves constantly change their tactics. So, we are continually enhancing safety measures, including:

sim_swap_3.jpg
sim_swap_4.jpg
  • Building tools to make it harder for someone to pretend to be you
  • Helping companies flag suspected thieves during online transactions by strengthening text-authentication tools
  • Training employees and customers to better recognize impersonation attempts
  • Expanding fraud detection and support
  • Applying advanced technology to detect and stop suspected unauthorized SIM swaps
  • Working closely with law enforcement to identify these criminals and bring them to justice

What can you do? 

These scams tend to target high-profile individuals. But it could happen to anyone. Here are a few tips to help avoid having your number taken over: 

  • Add "extra security" measures to your AT&T Wireless accounts. If you create a unique passcode on your AT&T account, in most cases we'll require you to provide that passcode before any significant changes can be made, including porting initiated through another carrier. You can learn more about passcodes at this link.
sim_swap_7.jpg
sim_swap_8.jpg
  • Don't share personal information online. Don't post, or at least carefully limit, information on social media that a thief could use to gain access to your accounts or convince someone he is you. This includes legal names, birth dates and information that could be an answer to a security question, such as a pet's name, your best friend or high school mascot.
  • Keep your personal email in box clean. Delete phone bills, bank statements and other emails that may include personal information. Don't store passwords, passcodes or pins in unencrypted or unsecure email accounts. This will help reduce the risk of your sensitive information falling into the wrong hands.
sim_swap_6.jpg
sim_swap_5.jpg
  • Be careful about sharing your mobile phone number. Consider using a different number, such as a landline, with businesses like grocery stores and dry cleaners. Limit sharing your mobile number anywhere it might be posted publicly or to many people, such as on social media, email signatures, and phone lists.
  • Add additional authentication measures to other accounts, such as financial accounts, and don’t use your mobile phone number as a source of security and authentication. For example, enable app-based two factor authentication on your accounts whenever possible. (These include Google Authenticator or Authy, and soon more apps and online services will use ZenKey, a joint venture of the three major US wireless carriers.)

Security experts recommend a number of additional safeguards for managing cryptocurrency.

  • Learn about the security measures available and make sure you are using the most secure authentication methods.
  • If you want to be particularly careful, store cryptocurrency in “cold storage” – an environment without online access.
  • Don’t store cryptocurrency wallet credentials online. Instead, write them down and keep them in a secure physical location.
  • When choosing financial investments and services, consider that some are protected from theft and fraud, others are not. For example, cryptocurrency accounts are not insured from theft like other types of traditional financial accounts. If cryptocurrency is stolen from you, it most likely cannot be recovered.
  • Protect all your financial accounts and information.

If you believe your SIM card has been swapped without your consent, report it to your carrier right away. Also, contact your financial institutions and email provider to protect your accounts.

You can also refresh yourself on our Cyber Aware tips to protect yourself online.