SIM Swap Scam

Dear Dr. Per Cap:

I hear about hackers who target people when upgrading a phone.  How big is the risk?

Signed,

Ready for 5G


Dear Ready for 5G

There’s a loophole when a person changes phones and transfers an existing number to a new device.  Like so many fast paced scams it’s frighteningly easy to pull off.

Here’s how.  A person calls your phone carrier pretending to be you and asks for a phone upgrade.  Worse yet, they might already know your phone’s personal identification number (PIN).

How does someone get your phone’s PIN?  Ask one of the 50 million T-Mobile customers who recently had their personal information compromised when the company’s servers got hacked.

Once a criminal convinces a carrier they’re you, they request to have the SIM card currently paired to your phone number transferred to a new phone or device.  Yeah, in a perfect world a customer service rep might think twice about someone claiming a descriptive Native American last name – depending on the tribe you know the kind of names I’m talking about.  However, it’s shocking how quickly an account takeover can occur, especially when not every Native person has a distinct sounding name, voice, or location.

Then all bets are off.  Now the scammer can intercept two-factor authentication codes to log into your online accounts.  They can access email, social media, mobile banking, or payment apps like PayPal and Venmo to steal money or impersonate you for some other ill-gotten gain.  There’s also a wave of SIM card scams aimed at stealing people’s cryptocurrencies through online trading platforms like Binance and Coinbase.

A major red flag that you’ve been hit with a SIM card swap is if your phone mysteriously loses signal for an hour or two.  In fact the scam often occurs at night when there’s a good chance you’re either asleep or raiding the fridge for the last slice of grandma’s chokecherry pie.

With so much money and personal information accessible by phones, SIM card swaps are an illegal gold mine for fraudsters.  Not helping matters are mobile carriers and regulators who are all over the board with regard to laws and rules for how to safely allow customers to switch numbers between phones and carriers.

So how can you prevent an illegal SIM card swap from ruining your life?

First call your carrier or visit its website to create a password or PIN for your wireless account in addition to the PIN for your phone.  This adds another layer of protection before a scammer can do a swap.  Then safeguard this password along with all your other passwords and PIN’s using an online password manager.

Also be sure to opt into two-factor authentication for all of your online accounts.  This requires a user to enter a time sensitive password sent via email or text before logging in or making a transaction.  I know.  They’re a hassle when you’re in a hurry to load up on Tanka Bars on Amazon, especially if you’re like me and have a habit of leaving your phone in another room.  But trust me – it’s worth the extra effort.

On my end I’m planning to send letters to all the major wireless carriers recommending that any SIM card swaps require a caller to first say the words “SIM swap scam” four times as quickly as possible.


Ask Dr. Per Cap is a program funded by First Nations Development Institute with assistance from the FINRA Investor Education Foundation. For more information, visit www.firstnations.org. To send a question to Dr. Per Cap, email askdrpercap@firstnations.org.