Cellphones are an essential part of our day-to-day lives. Now, the FBI is warning the public about a scam that could compromise your phone.
The federal law enforcement agency says crooks are using so-called “SIM swapping” to rob people of millions of dollars by stealing money from fiat and virtual currency accounts.
In this scam, fraudsters use various methods to target mobile carriers and, ultimately, gain access to sensitive information on your phone:
- Social engineering. A crook impersonates you and fools your mobile carrier into switching your phone number to a SIM card owned by the criminal.
- Insider threat. The fraudster pays off someone at your mobile provider to switch your phone number to the crook’s SIM card.
- Phishing techniques. Criminals deceive mobile carrier employees into downloading malware that allows the thieves to hack mobile carrier systems and perform SIM swaps.
When fraudsters succeed in these SIM swaps, all your calls, texts and other data are diverted to them. With a little ingenuity — such as sending “account recovery” emails to reset passwords — the thieves soon have access to much of your most private information.
The FBI says the number of SIM swapping scams has exploded. Last year, the FBI Internet Crime Complaint Center received 1,611 SIM-swapping complaints with adjusted losses of more than $68 million.
For comparison, for the entire period from January 2018 to December 2020, victims filed 320 complaints with adjusted losses of approximately $12 million.
Fortunately, there are steps you can take to avoid being ensnared in such a scam. According to the FBI, they include:
- Avoid talking about your financial assets on social media websites and forums. Never post personal information online, including your phone number or address.
- Do not give your mobile number account information to those who call and request your account password or pin.
- Never use the same password for more than one account
- When you access accounts online, use techniques and tools that boost your privacy, such as biometrics, physical security tokens and standalone authentication applications.
- Avoid storing passwords, usernames or other information on mobile device applications.
For more on avoiding scams, check out “The 3 Biggest and Scariest Scams of the Year — by Far.”