You may have recently heard of SIM swap scams, as they’re becoming a buzzy scam in the online safety world. One of the more important things you should know about SIM swap scams, though, is that they don’t actually involve a physical SIM card. Rather, they involve a scammer “stealing” your phone number by porting it out to their own SIM card, unlocking access to any and all other personal information you may have (think email accounts, bank accounts, personal accounts, and of course – your phone service account). Not to mention that any personal calls or texts to your number will also go to the scammer, not to you.
It’s a serious scam that can give you a lot of trouble if you fall for it, so we put together a comprehensive guide to help you prevent that from ever happening.
What is a SIM swap scam?
A SIM swap scam (also known as a port-out scam) is a type of scam in which an account – in this case, a phone number – is taken over by the scammer. By owning your number, the scammers can now request one-time verification codes to any of the accounts you tied to your number to access them. This can include banks (any financial institution, really), social media accounts, email accounts, insurance accounts, and more.
Once they have access, they can also lock you out by changing the password, and without your recovery phone number, you’d have a much harder time undoing all that damage.
How does a SIM swap scam work?
The silver lining in this scam is that it’s not actually all that easy – it takes some groundwork. In order to convince your phone provider to port your number out to their own device/SIM, the scammers need to already have your personal information. They obtain it either via phishing scams such as phishing emails, or by purchasing your data on the Dark Web from other companies’ data breaches (e.g. AT&T’s data breach this past summer).
Once they have your data (name, address, security answers, even passwords in some cases), they can contact your phone service provider and request a port-out under some believable excuse/pretence.
How do I know if I’ve been scammed?
One surefire way to know if you’ve fallen victim to a SIM swap scam is that your phone number will simply stop working. It won’t connect to the cell network, and you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi.
TextNow Tip: This experience will be different if you’re using TextNow as your phone service. While your phone number can be ported out, it doesn’t control whether you get data service or not, as it’s not tied to your SIM card. So you will still be able to use data for all your other apps, but you will be notified that your number is gone and that you need to pick a new one.
How to protect yourself against a SIM swap scam
The good news is: SIM swap scams are easily preventable. Follow this guide and start implementing as many of the steps as you can to keep your phone number (and other accounts) secure:
1. Beware of phishing scams
The more information scammers can get from you, the more vulnerable you become to any scam. Know how to identify a phishing scam so you don’t fall for one.
2. Use a password manager
You know how when you sign up for an account Google or Apple will ask you, “do you want to remember this password?” and then save it for you? Well, in the case that someone is able to gain access to your Google or Apple accounts, they can then easily access all your other accounts without ever needing to find out your real password, because it will just be automatically filled in for them. Instead of using that, or writing your passwords in a digital notepad, or even worse – reusing the same password for everything – get a password manager. 1Password, LastPass, NordPass are all great options that will encrypt your passwords and allow you to access your account with one “master” password to make your life easier, while they also keep it safer.
TextNow Tip: Find the password manager that will allow you to do the most on the free version, otherwise you may find yourself adding on one extra monthly bill.
3. Set up 2-factor authentication using authenticator apps
It’s simple – to ensure that your number can’t be used for 2-factor authentication, don’t set it up for 2-factor authentication. Where you can, set up an actual authenticator app instead of your phone number or email (Google has a free one!), so all you have to do is open up that app to input a randomly-generated number (that’s refreshed every minute) into the account you’re trying to sign in as your extra security step.
What to do if your SIM has been swapped
As soon as you realize your number is no longer working, contact your mobile service provider immediately. If you’re using a phone number with a traditional carrier and don’t have access to cell service, ask a friend or family member if you can use their phone. Better yet, connect to Wi-Fi and download TextNow to get a free local number that you can use for any calls or texts during this time.
TextNow Tip: If your TextNow number was ported out, contact our live chat support on help.textnow.com between 10am-5:30pm EST for immediate assistance. Otherwise, you can contact our porting team directly at [email protected].
Next, freeze all your financial accounts before they’re compromised.
And lastly, while it is harder to disable 2FA without the phone number it was set up with, it is possible. If you saved the original “back up codes” provided, you can disable it with those. But in most cases, you may just need to contact customer support of the account the 2FA is set up with to disable it/secure that account.
STOP! Paying for phone service
With TextNow, you get unlimited talk & text, plus essential data, for $0/month. Stay connected without paying a penny on your phone bill.
How to report a SIM swap scam
Other than contacting your mobile service provider, you can also report the scam to the FCC, so they can gather more information on this type of fraud and use the data to set up better federal enforcement and consumer protection efforts.