Merrimack County Savings Bank

Merrimack style is treating everyone – customers, employees and community members – with dignity, care, respect and compassion.

Rise in SIM Card Swapping Scams

Posted on May 1, 2020

Beware of an increase in Subscriber Identity Module (SIM) card swapping. A SIM card swap happens when a hacker pretends to be you and convinces your mobile device carrier to switch your phone number over to a SIM card that they own. A SIM card is the tiny memory chip inside a mobile device that carries an identification number unique to that owner. It stores the personal data for the owner and device. If it’s disabled or removed, your device will stop working. This swap can be easily done if the hacker has enough information to answer the security questions on your account.

By diverting incoming messages, the hacker can easily complete any text-based two-factor authentication checks that protect your most sensitive accounts. Or, if you don’t have a two-factor set up, they can use your phone number to trick services into revealing your passwords.

Two-factor authentication provides extra account protection by requiring two credentials to log in. Besides your password, you’ll need a second credential to verify your identity– most commonly a scan of your fingerprint, your retina or your face. The second credential could also be something you have like a passcode you get via text message, a security key or an authentication app.

Watch out for any of the following instances, as they might indicate you’ve been targeted:

  • Your cell phone suddenly stops working
  • You are unable to place calls or text messages
  • You receive an unexpected notification from your provider that your SIM card has been activated on a new device
  • You are not receiving the two-factor authentication push when logging into accounts

Protect yourself from SIM card swapping by:

  • Limiting what you share about yourself, including the information you post online and on social media
  • Don’t reply to unfamiliar calls, emails or text messages that request personal information
  • Set up a strong PIN or password on your cellular account
  • Consider using stronger authentication on accounts with sensitive personal or financial information

If you have fallen victim to this scam, contact your service provider to get a password reset and/or new SIM card. Once this is done, change the passwords of the accounts your device is connected to. We also suggest that you contact your local law enforcement, your financial institutions and review the information supplied by the Federal Trade Commission (FTC) on fraud and identity theft.