Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

Marketing Team

By: Marketing Team on December 24th, 2020

Print/Save as PDF

What is a SimSwap Attack?


A Sim Swap attack is an emerging problem in the cybersecurity world and their influence has only grown. Learn more on how a Sim Swap attack can exploit you and your business. 

If you keep up with cybersecurity news then you have probably heard of a Sim Swap attack.  Essentially a Sim Swap attack is when a fake account takes over the access of someone's phone number and transfers it to a new Sim card.

Once the attacker has access to their phone number they are able to complete all sorts of troublesome attacks.

This has become an increasing problem as attackers exploit weaknesses in Two Factor Authentication systems.

Exploiting the Weakness

Too many people have their 2FA logins attached to mobile phone numbers. This is typically not advised because mobile phone companies expertly create their systems to be safe for 2FA systems. This is why we recommend using a secondary 2FA app for optimal security.

man holding his phone

When you use your mobile number for 2FA, anyone with access to your number can get into your accounts. So attackers get your number transferred to a new Sim card and now they are able to use it to get access to all sorts of accounts.

Think about all the time that you have had to reset a password and they send a code to your phone to confirm something. This will now be sent to the attacker's phone and they will be able to change passwords, get into accounts, and cause a whole lot of trouble.

But How Did They Get Your Number Transferred to a New Sim?

This is typically done through phishing and social engineering tactics. Phone companies will occasionally have to change your phone number to a new Sim for realistic reasons like your phone has been stolen and you need to have your number moved to a new Sim Card.

But how do phone companies confirm your identity when you need to move your number over?

This is done by confirming personal info. This is where social engineering comes into play.

Attackers can use personal info found online to help pretend to be you. It is amazing what a good attacker can easily find online with only a few clicks. This is one of the reasons its important to watch out how much information you put on social media.

Once they have moved your number to their new Sim Card then the Sim Swap attack is complete. Now they are able to cause all sorts of trouble. Mobile access is basically ubiquitous and if an attacker has your mobile number and the ability to make ingoing and outgoing calls, then your account is totally compromised.

What Can I Do?

The best way to stop a Sim Swap attack is to correctly use 2FA capabilities and remove your phone number as much as possible for those systems. Losing your mobile access can make life extremely difficult. After all, how do you then confirm your identity once someone else changes all your personal info?

Sim Swap attacks can be devastating, yet we are all vulnerable. Protect your Sim Card and your information online. Don't reveal too much and always make sure your data is secure through backup means. 

Relying too much on mobile ease can be our downfall. Always be on alert or you could be the next victim of the Sim Swap scam. 

3 Types of Cybersecurity Solutions your Business Must Have