The Fraud Examiner

SIM Swapping: How fraudsters use your phone number against you

Julia Johnson, CFE     
Research Specialist, Association of Certified Fraud Examiners                                 

What is one of the smallest smartphone components, mostly forgotten about until it is time for a new phone, that can be used to commit fraud against a mobile device user? Subscriber identity module (SIM) cards are the tiny, portable memory chips that identify mobile device users by their phone numbers. In an emerging fraud trend referred to as SIM swapping, these fingernail-sized data storage units can be hijacked to gain complete control over another person’s phone number.

In this scheme, a fraudster contacts a wireless service provider pretending to be a customer. While impersonating the victim customer, they falsely claim that the SIM card associated with their account has either been damaged or lost. If successful, the victim’s previous SIM card will be deactivated, and a new one in the fraudster’s possession will be activated. This allows the fraudster to gain control of the victim’s cell phone number and reroute all calls and text messages to a device containing the newly activated SIM card.

Before contacting a wireless provider, the fraudster will usually engage in some form of social engineering to try and gain information about their intended victim that can be used to answer security questions related to the victim’s wireless account. This can be done by researching the victim’s social media accounts or gathering information about them from other public sources. The person attempting to SIM swap might also send phishing emails to their potential victim in hopes of obtaining other sensitive information that can be used to unlock their wireless account.

Sign In

Not a member? Click here to Join Now and access the full page.