Smartphone Hijacking Hits the Big Time — Here’s How to Protect Yourself


It was a shock in August when Twitter CEO Jack Dorsey’s Twitter account started sending out racist Tweets. He’d been hacked, of course, but perhaps the biggest shock of all was how easy it was — @jack was the victim of simple SIM card swapping.

SIM “hacking” isn’t new — it’s basically cellphone hijacking — but it’s become much more important of late, for a whole host of reasons. The biggest: Our smartphones have become our new passwords, so criminals who can control the gadgets can control our digital lives.

We’ve spent years (rightly) pushing consumers towards two-factor authentication, but as so often happens in the world of security, we’ve traded one problem for another. We all agree that Social Security numbers make terrible passwords, so we’ve switched to phone numbers now. And the fallout is just beginning.

Everyone who’s ever upgraded their cellphone at home knows what a SIM card swap is. You tell your mobile provider to send your calls and texts to your new phone, rendering the old one useless. This can involve the literal swapping of a SIM (subscriber identification module) card. Today, it often happens via software and over-the-air updates. Easy enough.

The problem occurs when a criminal convinces a mobile provider to “upgrade” your phone to a phone that the criminal controls. That means the criminal is now able to intercept all calls and text messages headed to you. Big problem. If your bank is looking to authenticate you with a six-digit code at login, well, there goes that security method. And if you are the CEO of Twitter, a SIM card swap hack can give criminals a chance to publicly embarrass you.

It should also make you think: Wouldn’t Twitter Jack have pretty tight controls on his account? Yet still criminals were able to access it? Can you think of anyone else with a high-profile account that would make a juicy target for hackers?

You are a juicy target, too. I’ve written a lot about theft from Zelle and other P2P payment accounts recently. Some victims have no idea how it happened, leading me to imagine that in some cases, SIM card swapping could be at play. Really, any account that relies on an SMS text message for login could be a target.

If you are a smartphone owner, this should make you personally nervous. Think of all the things criminals could do if they could access your text messages.

Mobile providers are trying to fix this problem, but they are a long way from having a great solution. In the meantime, you have to act to protect yourself. I’m really glad Liz Weston wrote about this recently for the Associated Press and NerdWallet. You should read her story in the Washington Post, which includes a few thoughts from me.

But here’s my need-to-know information for you:

  • Know the signs: If you are the victim of a SIM swap, your handset suddenly won’t work. Texts won’t go through. That might look to you like you just hit a spot with no cell signal, but your phone won’t show a weak signal: It’ll show no signal. If this happens, be on heightened alert. Maybe it’s a false alarm. But now you know that maybe it’s a sign you’ve been hacked. Now, time is of the essence. Criminals aren’t doing this for fun; they are doing this to steal money.
  • Have an emergency plan: If your phone is hacked, it won’t work. So, you can’t count on calling customer service to ask what’s wrong. Your phone won’t work! Do you have a second phone, or quick access to one? Do you know how to tweet at or email customer service, or use Skype from a laptop? When a SIM hack happens, you need to reach out to your mobile provider fast. Have a plan for that.
  • Be ready to teach customer service: When you reach an operator at your mobile provider, don’t count on him or her knowing what’s going on. SIM swapping is still new to some of them. You might have to teach them what it is. Keep this story handy, or Liz Weston’s story. Send them to my website. The quicker you get past front-line customer service to a knowledgeable operator, the less time hackers will have to root around your digital life.
  • Use an authenticator, not SMS: Two-factor authentication is good. But using SMS/text messages as that second factor isn’t great. Many sites allow use of a token generator, like Google’s Authenticator app. That’s a much safer way to protect your accounts than text messages. Make the switch now, while you’re thinking about it.
  • Consider adding a PIN code: Yes, another one. To your mobile account.

More from Bob Sullivan:
