SIM Swap Scams – How To Protect Yourself

Right now the newest way for scammers to separate you from your money is the SIM swap scam. Here’s how the scam works.

  • A fraudster gathers personal details about the victim, either by use of phishing emails, by buying them from organised criminals, or by directly socially engineering the victim.
  • Once the fraudster has obtained these details, they then contact the victim’s mobile telephone provider. The fraudster uses social engineering techniques to convince the telephone company to port the victim’s phone number to the fraudster’s SIM. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone.
  • Once this happens the victim’s phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts that are associated with the phone. Be they bank accounts, social media accounts, etc.

There have been a growing number of cases of this scam happening in Canada, US and other places. I have heard of bank accounts being drained and the take over of social media accounts. The most famous of these is the take over of Twitter CEO Jack Dorsey’s Twitter account a few months ago.

Clearly this is a scam that you need to keep an eye on due to the impact that it can have on your life. The question is, how do you protect yourself from being a victim? To help with that, I reached out to TELUS as they have programs to help Canadians protect themselves online. Most notably TELUS Wise. They were kind enough to point me to a number of tools on their website that can help guide consumers on how to protect themselves from scams in general. But they also provided a few tips specific to SIM swap scams:

  • Limit the amount of personal information about you online. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information.
  • Don’t add your phone number to any online accounts where it is not necessary.
  • Use strong and unique passwords for each of your accounts.
  • Set up authentication methods that aren’t text based only.
  • If you think something is awry and/or if you can’t make or receive phone calls on your device, contact your wireless provider immediately.
  • Report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501. Notify your bank and credit card companies. Contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free:1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

Besides the above, one other thing that I do recommend is that you set up a PIN or a security code with your wireless provider. That way if someone tries to access your account to try and pull off a SIM swap, they’ll run into a brick wall as they won’t have the PIN. TELUS offers this security feature (In fact, when I signed up with TELUS, I had to come up with a PIN on the spot), and I have to assume that other wireless providers do as well. Thus you should contact them to see how you can set this up on your account.

SIM swap scams are on the rise. But the good news is that by taking the above steps, you can reduce the risk that you will be a victim.



Leave a Reply

%d bloggers like this: