Two-factor authentication has long been considered the gold standard for security when you’re logging into a money account (like a checking account or brokerage account). Instead of using email, as many did in the past, companies may require your cellphone number so they can text a code to you. But what happens if suddenly you can’t access your phone?
SIM swapping
The SIM card in your phone contains a chip that enables you to connect to your carrier of choice. For instance, if you are a Verizon customer, you will have a SIM card that connects to the Verizon network, allowing calls and texts to be made. SIM swapping is when someone tricks a carrier into changing your phone number over to a SIM card that person owns. Perhaps this person knows your personal details or purchased them on the deep web. Whatever the case, they contact your carrier and pretend to be you, and can then gain full control of your phone number, including the calls and texts sent to it.
Danger of SIM swapping
Usually if a criminal has enough information to impersonate you to the carrier, they may also know your bank login and password. Even if they don’t know the specific password, if you’re like many people and use one password for everything, they could have purchased it and will use it to try to break into your money accounts. And because the verification codes your bank texts now go to their SIM card, two-factor authentication by text no longer stops them. If they are successful, they can easily drain your accounts before you even know your number has been stolen.
Recent upswing
You might think this seems far-fetched, but the FBI noted that consumers lost over $68M to SIM swaps alone in 2021. Recent stories in the media include thousands being drained from checking and crypto accounts. One person claiming to have lost $23M of cryptocurrency is suing his carrier for damages.
How to know you’ve lost your number
The easiest way to tell that your number has been reassigned is that you can’t connect to your network anymore. Phone calls and texts no longer go through. Additionally, when a SIM card is no longer active, you may receive a message on your phone when you log in or the carrier might send you a notification that you’ve deactivated your card.
You may also notice by watching your accounts. If you can no longer access your bank, brokerage, or credit card accounts, there’s a pretty good chance someone has broken in and changed your login and password. Or if you find transactions that you didn’t make, it could mean someone has your information, which may have happened through a SIM swap.
What to do
Contact your cellphone provider and the customer service department for any stolen account. If this happens to you, contact your cellphone provider immediately for their help in regaining your phone number. Then start calling the customer service departments for any bank accounts that were stolen.
Change your passwords. Try to access every money account you have to determine which accounts have been stolen. If you can access your account, immediately change the password and let the company know to watch for suspicious activity on your account. Once you have the money accounts changed, go into your other online accounts and determine if you can access them. If so, change those passwords too. (Oh, and use a different password for each account.)
Freeze your credit. If you don’t already have one, consider placing a freeze on your credit accounts.
How to stay safe
Unfortunately, if scammers have enough information about you, they may find it easy to steal your cellphone number. Beyond basic online safety – like not clicking on emails from people you don’t know and not providing personal information in response to an email – there are other steps you can take to protect yourself.
PIN code. Before I wrote this, I had no idea I had received a PIN code when I changed my cellphone service about a year ago. Having a PIN hopefully will block anyone from stealing your number. But again, don’t make the PIN your birthday or another easily guessed set of numbers.
Limit your information sharing on social media. There’s no need to publish your address or phone number on social media. Your friends and family know where you are, and no one else really needs to without you vetting them first. Limit what you provide for free to scammers.
Consider a different two-factor method. There are apps and even physical security keys that you plug into your computer so you won’t need to rely on texts for verification. Unfortunately, not all providers support physical keys, so double check before you go down this road.
Hopefully you won’t be the victim of a SIM swap. In addition to adding a PIN code to your account, check the website for (or call) your carrier to see what they are doing to limit SIM swaps. And I can’t say this enough – make sure you don’t use the same password for your money accounts. If you have a random account you don’t care about, using the same password is fine. But you need to have a different password for each of your bank, savings, credit card, mortgage, and retirement plan accounts.
Photo by Brett Jordan