3 ways to fight SIM-swapping – Follow this cybersecurity checklist to protect yourself

March 19, 2022

By Kim Komando

Every cybersecurity threat has the potential to snowball into an avalanche of issues — but some are more dangerous from the jump. Experts say you should watch out for impending cyberattacks, thanks to the Russia-Ukraine war. SIM swapping is an especially dire threat since it takes over your smartphone, rendering it useless.

Basically, a cybercriminal scrapes personal data, either from your social media accounts or from a security breach. Tap or click here to see if your info is floating around on the web. They use that information to call your phone carrier, pretend to be you and claim your phone is lost.

The carrier then provides a new phone and SIM card, disconnecting your old line and transferring everything to the criminal’s device. This means your phone will stop working; you won’t get any calls or texts. SIM swapping is a huge issue, which is why you should use these three preventative strategies.

1. Enter a passcode when you change your SIM card

If you’ve never been a victim of SIM swapping, you should do two things. First, count your lucky stars. Second, call up your phone provider and set up a PIN, so you never become a victim.

Here’s a quick review if you’ve never heard of SIM swapping. Scammers break into your phone by transferring the data on your SIM card onto one of their own. They do this by calling your mobile provider, pretending to be you, and linking your phone number to the SIM card in their phone.

Your mobile carrier then deactivates your SIM card. That means the criminal gets access to your phone number.

This access allows criminals to send forgotten passwords or account recovery requests to your email and other online accounts associated with your mobile phone number. 

Now the crooks will receive 2FA codes intended for you, which gives them access to your online accounts. The criminal uses the codes to log in and reset passwords, gaining control of online accounts associated with your phone profile.

You may think, “My mobile carrier would never fall for that!” Actually, it happens all the time, according to the FBI. The bureau says SIM swapping schemes cost victims more than $68 million in 2021.

How to set up a PIN or passcode for your wireless account

To protect yourself, contact your mobile carrier or head to its website. Make sure to set up a PIN or passcode that you have to enter to make changes to your SIM card. Now, criminals will have to know this PIN to break into your device.

The specific steps depend on which carrier you use. Many carriers have different names for this service. For example, AT&T calls this feature Extra Security.

How to turn on Extra Security to get SIM protection with AT&T

  1. Head to your Profile.
  2. Tap or click Sign-in info.
  3. Select your wireless account from the dropdown menu.
  4. In the Wireless passcode section, select Manage extra security.
  5. Check extra security and re-enter your passcode to confirm it.
  6. Check or uncheck extra security and re-enter your passcode if prompted.

How to get SIM protection with Verizon’s Number Lock feature

Verizon’s Number Lock feature literally locks your account. Your number can’t be ported to another carrier until you move the lock. Follow these steps to turn it on:

  1. Sign into your Verizon account online.
  2. Head to Account > Account Settings > Security Settings.
  3. Click Number Lock.
  4. You’ll see your mobile phone number(s). Select On.

SIM swap attack prevention with T-Mobile phone

If you’re on T-Mobile or Metro by T-Mobile, you can set up a PIN or passcode for your SIM card. The feature is called Account Takeover Protection. To activate this feature, follow these steps:

  1. Sign into your T-Mobile account online.
  2. Under My Line, tap or click View Details.
  3. Head to the Lines and Devices section.
  4. Then, tap or click on the specific line you want to protect.
  5. Select Manage Add-ons.

From there, you can select Account Takeover Protection. Tap or click here for a direct link.

This is just the first step in your protection journey, though. These steps stop people from porting your number out … but there are still more ways to fight against SIM swaps. Check them out below.

2. Tell your carrier to only port your number when you show up in person

This is another option to take advantage of. Your carrier may not offer it, so call them to make sure. Ask the customer service rep to have a note placed on your account.

This note will tell your carrier only to port your number if you show up in person. This is another reason why you should use biometrics. Even if someone does impersonate you, they can’t port your number because they don’t have your finger, eyeball or face. (Knock on wood!)

3. Use authenticator apps instead of 2FA to fight SIM swapping

One great way to protect your important accounts is by using two-factor authentication (2FA). Whenever you log into your account, you have to confirm your identity by answering a prompt on another device. It stonewalls scammers because while they may know your password, they can’t intercept the 2FA text or email sent to you.

All of that goes out the window when SIM swapping is involved. When a criminal remotely takes over your phone, all login confirmations go to their phone. You’ve lost control of your iPhone or Android.

Thus, we recommend using authenticator apps. They generate one-time codes you use to log into accounts. The best part is that the codes generate within the app.

Essentially, it’s harder to break into an account you secured with an authenticator. An attacker would need to know your secret key. Oh, and they would also need to be able to break into the encryption algorithm. Tap or click here for our simple and easy guide to authenticator apps.

Bonus: Use a password manager to help yourself remember all your strong, original passwords

You shouldn’t reuse the same password. It would be best if you created original passwords for each account. Those can be hard to remember. Luckily, you don’t have to.

With a password manager, you can put everything in one place. Our IT geniuses swear by LastPass. If John and Jeremy’s words weren’t enough, trust our content queen, Allie. She swears by this app.

https://www.komando.com/news/devices/fight-sim-swapping/