SIM Swapping: how to lose your phone without letting it out of your hands

The SIM Swapping attack allows a criminal to assign your phone number and gain access to all your accounts.

What is a SIM card?

SIM stands for Subscriber Identity Module (Subscriber Identity Module) and is a small removable chip card that is inserted into the phone. Each SIM card is unique and linked to your number. You can insert a SIM card into another phone, and your number and all account data will be transferred to the new device.

How does SIM card substitution work?

SIM Swapping begins with the attacker contacting your mobile operator, posing as you. He can say that he needs a new SIM card to activate the account, and the phone and the old SIM card are lost or damaged. The mobile operator will most likely request some information to verify your identity, for example, the security questions you specified or passport data.

After verifying your identity, a cybercriminal can reassign your phone number to his SIM card. In fact, he unlinked the number from your phone and linked it to his SIM card. At the same time, an attacker can reset passwords from all your accounts and pass any two-factor authentication. As a result, a fraudster can gain access to a variety of accounts, email, payment systems, social networks, online stores, etc.