A SIM card is a small chip in your phone that acts as the connection between your account and your phone. Your phone uses a SIM card to connect with the mobile network. Through the SIM connection, your mobile service provider links the phone to your number and account.
Thieves are motivated to find ways to steal your phone number. And they don't have to physically have your phone.
First, they target a person with valuable on line accounts. These could include a financial account with a lot of money or a social media account with a large following.
If you become a target, a thief gathers information about you like email, home address and phone numbers. They may try to trick you into revealing information about yourself through phishing or social engineering. But they often get the information with a few simple internet searches or from social media.
Once he has the information, the thief may call your phone carrier, pretending to be you, and attempt a "SIM swap." He will convince your mobile service provider to replace the SIM card in your phone with one in his possession. If successful, the mobile network will start sending calls and texts to the new SIM card - which is really the thief's phone.
This will deactivate your phone, and the thief will start getting your calls and texts on his device, including authentication texts, one-time PINs or phone responses. This means the thief may be able to gain access to your financial or social media accounts.
What AT&T is doing
We are working hard with other major phone carriers and business partners to help prevent unauthorized SIM swaps. However, the thieves constantly change their tactics. So, we are continually enhancing safety measures, including:
- Building tools to make it harder for someone to pretend to be you
- Helping companies flag suspected thieves during online transactions by strengthening text-authentication tools
- Training employees and customers to better recognize impersonation attempts
- Expanding fraud detection and support
- Applying advanced technology to detect and stop suspected unauthorized SIM swaps
- Working closely with law enforcement to identify these criminals and bring them to justice
What can you do?
These scams tend to target high-profile individuals. But it could happen to anyone. Here are a few tips to help avoid having your number taken over:
- Add "extra security" measures to your AT&T Wireless accounts. If you create a unique passcode on your AT&T account, in most cases we'll require you to provide that passcode before any significant changes can be made, including porting initiated through another carrier. You can learn more about passcodes at this link.
- Don't share personal information online. Don't post, or at least carefully limit, information on social media that a thief could use to gain access to your accounts or convince someone he is you. This includes legal names, birth dates and information that could be an answer to a security question, such as a pet's name, your best friend or high school mascot.
- Keep your personal email in box clean. Delete phone bills, bank statements and other emails that may include personal information. Don't store passwords, passcodes or pins in unencrypted or unsecure email accounts. This will help reduce the risk of your sensitive information falling into the wrong hands.
- Be careful about sharing your mobile phone number. Consider using a different number, such as a landline, with businesses like grocery stores and dry cleaners. Limit sharing your mobile number anywhere it might be posted publicly or to many people, such as on social media, email signatures, and phone lists.
- Add additional authentication measures to other accounts, such as financial accounts.
If you believe your SIM card has been swapped without your consent, report it to your carrier right away. Also, contact your financial institutions and email provider to protect your accounts.
You can also refresh yourself on our Cyber Aware tips to protect yourself online.