SIM swap scam: is your phone number safe from hackers?

Technology has improved our lives, that’s for sure — but it can also be used for some pretty nefarious purposes. As more people store their personal information digitally, new possibilities open up for scammers and crooks. In our series on security, we’re taking a closer look at the common tactics that fraudsters use — such as the SIM swap scam.

You may not have heard of it yet, but this scam has become a growing concern for mobile phone users worldwide. Hackers are now targeting phone numbers, which can be the key that unlocks their access to people’s personal information, social media profiles, and even bank accounts. 

In this blog post, we'll explain what the SIM swap scam is, how it works, and most importantly, how you can safeguard your phone number. Read on to learn more about protecting yourself and your phone from the SIM swap scam.

Security at N26

At N26, security is our priority. Discover a 100% mobile banking experience

Learn more about security at N26

A SIM swap scam, also known as a SIM card attack or hijack, is a type of fraud where a hacker takes control of someone’s mobile phone number by transferring it to a different SIM card.

The goal of this scam is to get around multi-factor authentication and two-step verification processes. With those security processes, users receive a text message or call to their mobile phone as a way to verify their identity. That means that a SIM swap scam is very similar to a smishing attack.

To better explain SIM swapping, we should first clarify what a SIM card is. This little piece of hardware does a lot more than specify what your phone number is.

The acronym SIM stands for “subscriber identity module.” It’s essentially a small device that contains a chip. In order for your mobile phone to make and receive calls and texts, it has to have a SIM card. The information stored on your smartphone's SIM card authorizes your phone’s access to the mobile network. Without a SIM card inserted into your phone, it has to be connected to WiFi to use any apps. Otherwise, it’s not much more than a glorified camera.

The tricky thing about the SIM swap scam is that criminals don’t need physical access to your mobile phone or SIM card, just to your personal information. Here's how it works, step by step:

1. The hacker gathers personal information about their victim, such as name, date of birth, and social security number, for example, through phishing or social engineering.
2. The hacker contacts the victim’s mobile carrier and uses the personal information to pretend to be them, requesting a new SIM card for their phone number.
3. Once the new SIM card is activated, the victim’s phone number is transferred to the hacker's device, and they can intercept all calls and text messages.
4. The hacker can then use the victim’s phone number to gain access to other accounts that require multi-factor authentication, such as email, social media, and banking accounts.
5. The hacker can also use the phone number to reset passwords to these accounts and make it harder for the victim to stop the scam.

Pretty diabolical, right? To prevent SIM swap attacks, it's important to protect your personal information and enable multi-factor authentication with an authenticator app instead of SMS-based authentication. You can also contact your mobile carrier and ask them to add a PIN or password to your account to prevent unauthorized SIM swaps.

If you fall victim to a SIM card swap, it can mean more than simply losing your phone number. 

As numerous services enable you to reset your password with just a recovery phone number, the SIM swap scam allows criminals to infiltrate virtually any account linked to the compromised phone number. Therefore, they may be able to directly transfer money from bank accounts, sell more personal data on the black market, or further coerce their victims.

Here are a few signs your phone number might have been affected:

• You lost connection to the mobile network unexpectedly.
• You can’t make or receive calls or texts.
• Your account settings or passwords have been changed.
• Your other online accounts linked to the phone number have been accessed without your permission.
• There has been unusual activity on your bank accounts or credit cards linked to the phone number.
• You receive unexpected notifications or alerts from financial institutions or online accounts.
• You can’t log into your online accounts because of issues with multi-factor authentication.

First, the bad news: It’s possible for someone to steal your phone number if they have access to your personal information, such as your name, date of birth, and social security number. For instance, the scammer might use this sensitive information and then impersonate their victim, pretending that they’ve misplaced their phone.

In Europe, the SIM card system is a little different than in other countries, such as India and Nigeria. There, scammers only need to persuade or fool their victims into approving a SIM swap by pressing “1” during a phone call. Alternatively, shady telecom workers might end up on the payroll of a criminal organization and simply change customers’ phone numbers without their knowledge or permission.

It’s important to protect your personal information and monitor your accounts for any suspicious activity. So, how can you protect your phone number and personal information from hackers?

Now, the good news. There are several steps you can take to protect yourself from SIM swapping, for example:

• Use a strong, unique password for all your online accounts, including your mobile carrier account.
• Enable multi-factor authentication on all your accounts and use an authenticator app instead of SMS-based authentication.
• Contact your mobile carrier and ask them to add a PIN or password to your account to prevent unauthorized SIM swaps.
• Be cautious of phishing scams and never click on links or download attachments from unknown sources.
• Regularly monitor your accounts and credit reports for any suspicious activity.

By taking these precautions, you can reduce the risk of SIM swapping and protect yourself and your money. Want to read more? Check out our security checklist for keeping your phone number safe.

At N26, we work to keep your money and personal information safe. Thanks to push notifications every time money enters or leaves your bank account, you can catch any fraudulent transactions as soon as they happen. Plus, your N26 Mastercard is protected with 3D Secure technology, meaning that every transaction has to be validated with multi-factor authentication on your paired smartphone. If something looks suspicious, you can lock your card in your N26 app and contact our Customer Support team for help. And in case a transaction sneaks through that you didn’t make, we have a claims process in place to help you get a refund. Check out our accounts and find the right one for you today.