The Federal Bureau of Investigation (FBI) is warning of the increasing use of Subscriber Identity Module (SIM) card swapping by hackers to steal money from bank accounts. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.
What is a SIM card?
A SIM card is a tiny memory chip inside a mobile device that stores a large amount of data. SIM cards not only contain basic identifying information about a phone that’s unique to the owner, but also personal contact lists and text messages. Without a SIM card, a phone is unable to connect with a cellular network to make a call or send text messages.
How does a SIM swap work?
A SIM swap happens when a hacker pretends to be you and convinces your mobile device carrier to switch your phone number over to a SIM card that they own. Once the SIM is swapped, all of your calls, texts, and other data are diverted to the hacker.
The SIM swap allows the hacker to send ‘Forgot Password’ or ‘Account Recovery’ requests to your email and other online accounts associated with your mobile phone number. Now the hacker has access to complete any text message-based two-factor authentication in which a link or one-time passcode is sent via text to your number, now owned by the hacker, giving them control over your online accounts.
How to tell if you have been targeted
- Your mobile phone suddenly loses service.
- You are unable to place calls or send and receive text messages.
- You receive notifications that your SIM card has been activated on a new device.
- You cannot log into your online accounts (social media, email, and bank accounts).
How to protect yourself from being targeted
- Do not store usernames or passwords on your mobile phone.
- Use a variation of unique passwords to access online accounts.
- Use strong multi-factor authentication on accounts with sensitive personal or financial information.
- Limit what you share about yourself (financial assets, phone number, address), including what you post on social media.
What to do if you have been targeted
- Immediately contact your mobile carrier.
- Contact your financial institutions to place an alert on your accounts.
- Access your online accounts and change your passwords.
- Report the activity to your local law enforcement agency and the FBI’s Internet Crime Complaint Center at ic3.gov.
If you’re a Merrimack customer and are concerned your personal or financial information was compromised, please call us directly at 603.225.2793 so we can assist with protecting your accounts and identity.