SIM swapping continues to rise: How to defend against it

Security tips | February 23, 2022

Although most consumers are aware of traditional identity theft, many are unaware of the techniques fraudsters use to steal millions of dollars from consumers' accounts daily. According to a recent public service announcement, the Internet Crime Complaint Center received 1,611 SIM swapping complaints in 2021, an alarming increase over the 320 complaints reported in 2018, 2019, and 2020 combined, making SIM swap fraud one of the fastest-growing and most damaging types of fraud today.

SIM swapping, also known as phone number cloning or phone number theft, occurs when a fraudster convinces the victim’s wireless carrier to port their phone number over to a new SIM card, giving the fraudster complete access to their incoming calls and text messages. Fraudsters convince agents at the carrier to make the “swap” by using information they’ve gathered online, through phishing attacks, or by purchasing personal information on the dark web to impersonate the victim.

Since multi-factor authentication is often linked to a mobile number, once a fraudster starts receiving one-time passcodes, they can drain bank, brokerage, and cryptocurrency accounts in a matter of minutes. Recent FBI stats reveal Americans lost $68M from SIM swapping attacks in 2021 alone. With 97% of Americans owning a cellphone today, SIM swap losses will only continue to increase, as fraudsters are aware of how lucrative SIM swapping can be.

Protecting your customers

The FBI recommends mobile carriers take the following precautions to protect against SIM swapping:

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients' names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from third-party authorized retailers requesting customer information.

The FBI recommends individuals take the following precautions to protect themselves:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone numbers, address, or other personal identifying information.
  • Use a variety of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

While the FBI offers consumers some practical information on how to protect themselves, there are ways you can systematically monitor your customers' digital identities to help protect them, and your business, from SIM swapping fraud.

Protecting your business

Once a fraudster has successfully ported a customer’s number over to their SIM card, they can bypass protective multi-factor authentication barriers and eventually lock the owner out entirely. While adding additional security, like app-based authentication or biometrics, can help protect against these types of account takeover, it also adds friction for legitimate users, who often choose convenience over security. SMS is ubiquitous and is often the most convenient way for customers to add additional security to their account. Adding digital identity checks to high-risk or high-value transactions (like resetting passwords) to watch for recent SIM swaps or ports can be highly effective in preventing these account takeovers.
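A minimal sketch of such a check follows, as an added example that is not TeleSign's code or API. The `SimChangeLookup` record, the action names, and the time windows are assumptions made for illustration; the lookup result would come from whatever SIM swap or port data source you use.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values for illustration; tune them to your own fraud data.
HIGH_RISK_ACTIONS = {"password_reset", "add_payee", "withdrawal"}
HIGH_RISK_WINDOW = timedelta(days=7)
LOW_RISK_WINDOW = timedelta(hours=24)

@dataclass
class SimChangeLookup:
    """Hypothetical result of a SIM swap / port lookup for one phone number."""
    ok: bool                         # False if the lookup failed or timed out
    changed_at: Optional[datetime]   # last swap or port (UTC); None if none on record

def sms_otp_decision(action: str, lookup: SimChangeLookup, now: datetime) -> str:
    """Return 'send_sms_otp', 'step_up' (non-SMS factor) or 'hold_for_review'."""
    high_risk = action in HIGH_RISK_ACTIONS
    if not lookup.ok or (lookup.changed_at and lookup.changed_at > now):
        # No trustworthy signal (lookup failure, or a timestamp in the future):
        # do not let SMS alone authorize a high-risk action.
        return "step_up" if high_risk else "send_sms_otp"
    if lookup.changed_at is None:
        return "send_sms_otp"        # no swap or port on record
    age = now - lookup.changed_at
    if high_risk and age <= HIGH_RISK_WINDOW:
        return "hold_for_review"     # number may no longer belong to the customer
    if age <= LOW_RISK_WINDOW:
        return "step_up"
    return "send_sms_otp"

def run_constructed_cases():
    """Evaluate constructed sample requests (not real data)."""
    now = datetime(2022, 2, 23, 12, 0, tzinfo=timezone.utc)
    cases = [
        ("password_reset", SimChangeLookup(True, now - timedelta(hours=3))),
        ("password_reset", SimChangeLookup(True, now - timedelta(days=90))),
        ("password_reset", SimChangeLookup(False, None)),
        ("login", SimChangeLookup(True, now - timedelta(hours=3))),
        ("login", SimChangeLookup(True, None)),
    ]
    return [sms_otp_decision(a, lk, now) for a, lk in cases]

if __name__ == "__main__":
    print(run_constructed_cases())
```

The lookup-failure branch matters most in practice: treating "no data" as "no swap" would let a high-risk action through on SMS alone exactly when the signal is missing.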

As the leading authentication and digital identity player, TeleSign offers unparalleled protection. Our digital identity data and intelligence strengthen and validate the user authentication process and evaluate fraud risks to serve as the last line of defense against SIM swapping attacks.

SIM Swap detection allows you to verify if and when a mobile phone was swapped or ported. Using a dynamic risk-based assessment, we help you determine fraudulent intent. TeleSign’s SIM Swap monitoring blocked more than 1 billion account takeover attempts in 2021.

As we continue to rely on our mobile devices in our daily lives, the need to protect our digital footprint, personal information, and digital identity has never been more critical. Investing in additional layers of security will save you potential reputational harm, financial loss, and exhausted resources and keep your customers coming back.

To learn more about keeping customers happy, read our free eBook 'Building trust at every stage of the customer journey'.
