SIM Swapping: The New and Popular Digital Scam

ChatMail   |   April 1, 2022

SIM Swapping: The New and Popular Digital Scam

When it comes to digital security, most people think a data breach is the result of cracked encryption. Hollywood movies help people imagine ingenious hackers using sophisticated, mysterious computer skills to access someone else’s sensitive information.

This dramatic image belies the truth. Information breaches are often caused by more mundane slips. One of the newest tricks data thieves use is SIM swapping, which is also known as port-out scamming, SIM jacking, or SIM splitting.

Learning about new ways scammers operate reinforces the need for a fully encrypted phone and may help you steer clear of dangerous practices.

How does SIM Swapping Work?

Subscriber Identity Module is where the acronym SIM comes from, which describes what these little cards do. SIMs hold information connected to your cellphone number to authenticate you on a network. Your SIM lets you connect to a mobile network when you cannot use Wi-Fi.

However, the same benefits of a SIM card can be used to exploit your privacy. Fraudsters can impersonate you when talking to your mobile carrier, claiming they lost or damaged their SIM card, the one registered to your phone. If the service provider believes the scam, they’ll issue a new one.

However, the new SIM card will be connected to a phone in the swindler's possession. Once the ploy convinces your mobile carrier they are you and a new SIM card is obtained, they can get full access to your digital identity and wreak havoc on your life. This may even include transferring your financial assets into their bank account. But why would a mobile phone carrier trust an imposter?

SIM swapping scams have a backstory, with the threat actor gleaning as much personal information about you as possible via phishing emails, the dark web, malware, or by browsing your social media.

Hackers can intercept your text messages including those used in weak two-factor authentication, like the one Google Authenticator uses, to verify your identity. The second step usually involves sending a confirmation number to your phone through a text message. This is why you are recommended to use alternative methods for 2FA, such as FIDO2 technology.

Armed with enough details, cybercriminals can hack past your safeguards, which is why you need a strong password.

Kids as Victims

Online games regularly use in-game purchases, which means kids have become part of the internet economy, moving real money around while at play. A gaming application, Roblox, is notorious for hacking. With an estimated 2.5 billion accounts, Roblox currency, Rubox, was recently considered more valuable than the Russian ruble. Half of all kids in the US play Roblox, so it is a safe bet many of their accounts have been caught in phishing schemes with their valuable in-game items “beamed” – a Roblox term for stolen.

A story reported in Motherboard examined how players are robbed in the game. One player’s profile was taken over with his email address access deleted from the account, so he was unable to verify the account was his. Days later, he found someone selling his limited items, identifiable by a unique serial code, on an underground market for Bitcoin.

The same article noted another victim, with extremely valuable limiteds, believed he was SIM jacked. The gamer noted a ‘no SIM’ message was displayed on their phone during the attack, a telltale sign of SIM swapping.

Scammers also conduct attacks within the virtual worlds of video games. They might approach someone’s avatar with a compliment to befriend a target before asking for compromising details in the form of a .har file, a chunk of data containing their Roblox login token.

High-Profile Adult Victims

One of the most high-profile victims of a SIM swap was former Twitter CEO, Jack Dorsey. Hackers gained control of his phone number and made offensive tweets from his account for a brief 15-minute period before he regained control of his account again.

If the CEO of a tech company can fall victim to this type of scam, it’s a sign everyone needs to take smartphone security seriously. While SIM swaps are increasing, the most popular apps are another major security liability.

Some third-party applications store your data improperly, share it with marketers, legal authorities, or even sell it as a part of their business model.

How to Know If You’ve Been Scammed

Using a smartphone that lets you download free applications means you’re vulnerable to SIM swaps and other similar scams.

There are tell-tale signs to alert you that your device has been breached:

  • You can’t place calls or texts, which is a sign your SIM card has been taken over
  • You are notified of activity on your account you don’t recognize
  • Your login credentials no longer work for your bank or credit card
  • A “no SIM” sign appears on your phone

If you notice any of these signs, respond immediately by reporting it to your service provider.

To avoid these vulnerabilities, you need a device with military-grade encryption, an abundance of secondary security features and proprietary server storage to protect you and your business.

The variety of data threats that exist today testify to the fact fakers are usually one step ahead of the rest of us. That’s why we don’t allow third-party apps and internet browsing on our custom solution. ChatMail. Engineered for Security. Designed for Privacy.