Our phone number is a unique attribute that helps us connect or register to online services. It also acts as a second authentication factor, an important security measure designed to protect our online accounts. However, criminals have found ways to exploit this system by stealing people's phone numbers (a process known as SIM swapping) to gain access to their accounts.
Subscriber Identity Module (SIM) swaps and cloning have become a serious concern for the telecom industry and subscribers. Many telecom companies plan to switch to eSIMs to tackle swapping and cloning effectively. According to the Transparency Market Research report, the global eSIM card market will grow at a CAGR of 13.5 percent from 2017 to 2025. A significant driver of this uptick will be an increased awareness of security threats with regular SIMs and the need to remediate them.
What are SIM swaps?
A SIM swap is when someone contacts your wireless carrier and requests that your phone number be ported to a new SIM card. Once the swap is complete, the person who initiated it will have full control over any accounts that are linked to your phone number, including email, social media, financial accounts, and even cryptocurrency wallets. They can also receive two-factor authentication (2FA) codes via the swapped SIM. According to Tru.ID's statistical report, in 2020, criminals stole more than 100 million USD in the US with the help of SIM swaps, and such incidents have been increasing over the past few years.
How does SIM swapping work?
The SIM swapping process starts with a person impersonating the victim. They contact the victim's mobile carrier, claim a new SIM card, and activate it with the victim's existing number. Usually, fraudsters claim they have lost their original SIM and their phone. The mobile carrier or service provider asks the caller for identity verification, such as answers to security questions, the last four digits of a personal identifier, or the account PIN. Most fraudsters anticipate this hurdle and supply details they collected beforehand through information gathering or social engineering.
As soon as the cybercriminal convinces the service provider's customer service representative that they are legitimate, the victim's phone number is reassigned to the new SIM card. The fraudster has now disconnected the victim's phone from the number and taken ownership of it. From this point, the fraudster can bypass all two-factor authentication (2FA) to gain access to social media accounts and even change the victim's password for any online service.
What are the signs of SIM swap fraud?
Some common warning signs of SIM swap fraud are:
You cannot contact anyone, even though others with the same mobile carrier or service provider can.
You get logged out automatically from various online accounts and services linked to your phone number.
You might receive SMS messages from the mobile carrier or SIM service provider about re-registrations that you haven't requested.
How can eSIMs help prevent SIM swaps?
eSIMs play a critical role in protecting mobile numbers from SIM swap attacks. eSIMs are chips built into smartphones that let you connect to the network carrier without inserting a physical SIM card. Usually, to activate a network on your phone through your eSIM, you have to register with your details and Personally Identifiable Information (PII). You can also set up biometric authentication, such as face ID or fingerprints, to add multiple layers of security to your eSIM account.
Since there is no physical SIM card in an eSIM system, no one can fraudulently claim that their SIM card got lost or damaged, as all the identity details reside in the owner's phone. eSIMs prevent cybercriminals from acquiring another SIM card or re-registering the number in their name.
As mobile numbers are a critical part of how you conduct your personal, social, and professional lives, protecting yourself against SIM swaps is vital. Here are some ways to keep your SIMs secure:
Reduce the amount of personal information you provide to internet services.
Watch out for phishing emails.
Try not to use SMS as a two-factor authentication mechanism for online services.
Choose a mobile carrier that offers eSIM services.