SIM swap scam is a type of cyberattack that involves taking over a victim’s phone number and using it to access their online accounts, such as email, social media, and cryptocurrency wallets. The attacker usually contacts the victim’s mobile service provider and convinces them to transfer the victim’s phone number to a new SIM card that the attacker controls. This way, the attacker can bypass the two-factor authentication (2FA) that many online platforms use to verify the identity of the user.
The cryptocurrency industry is particularly vulnerable to sim swap scams because many crypto platforms rely on phone-based authentication methods, such as two-factor authentication (2FA) or one-time passwords (OTP). These methods are supposed to add an extra layer of security to online accounts, but they can be easily bypassed by sim swap scammers who can intercept the codes and access the accounts. Moreover, cryptocurrency transactions are irreversible and anonymous, which means that once the scammers transfer the funds to their own wallets, there is no way to trace or recover them.
According to a report by CipherTrace, a blockchain security company, sim swap scams accounted for $30 million in losses in 2020, and the trend is expected to continue in 2023. Some of the notable victims of sim swap scams include Michael Terpin, a crypto investor who lost $24 million in 2018; Robert Ross, a father who lost his life savings of $1 million in 2018; and Gregg Bennett, a former Amazon executive who lost $164,000 in 2019.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
To perform a SIM swap, scammers need to gather some personal information about you, such as your name, date of birth, phone number, account number, and security questions. They may obtain this information from various sources, such as social media, phishing emails, data breaches, or malicious apps.
Once they have enough information, they contact your mobile carrier and pretend to be you. They claim that they have lost or damaged their SIM card and request a new one to be activated. They may also provide some fake documents or identification to convince the customer service representative.
If the scammers succeed in convincing the mobile carrier, they will receive a new SIM card with your phone number. This means that they can receive all the calls and texts that are meant for you, including the 2FA or 2SV codes that are sent by your bank, email provider, social media platform, or other online service.
With these codes, the scammers can access your online accounts and perform fraudulent activities, such as transferring money, changing passwords, stealing personal data, or locking you out of your accounts.
SIM swap scam is especially common in the cryptocurrency industry because of the following reasons:
Cryptocurrency transactions are irreversible. Once the attacker transfers the victim’s funds to their own wallet, there is no way to get them back.
Cryptocurrency wallets are often protected by 2FA that relies on SMS or phone calls. If the attacker has access to the victim’s phone number, they can easily receive the verification codes and access the wallet.
Cryptocurrency users are often targeted by phishing emails or messages that lure them to reveal their personal information or click on malicious links. The attacker can use this information to impersonate the victim and request a SIM swap from the mobile service provider.
Cryptocurrency users may not notice the SIM swap until it is too late. Unlike bank accounts or credit cards, cryptocurrency wallets do not have any fraud detection or notification systems that alert the user of suspicious activity.
If you are a victim of a SIM swap scam, you may notice some of these signs:
Your phone suddenly loses network signal or shows “No Service” or “Emergency Calls Only”.
You stop receiving calls and texts from your contacts.
You receive messages or emails from your online services that indicate suspicious login attempts or password changes.
You are unable to access your online accounts or find that they have been compromised.
You receive unexpected bills or charges from your mobile carrier or online services.
There are some steps that cryptocurrency users can take to prevent SIM swap scam, such as:
Use a different phone number for 2FA that is not linked to your main phone number. You can use a prepaid SIM card, a virtual phone number, or a hardware device that generates one-time passwords.
Use an app-based 2FA instead of SMS or phone calls. Some examples are Google Authenticator, Authy, or Microsoft Authenticator. These apps generate codes that are stored on your device and do not rely on your phone number.
Do not share your personal information or click on suspicious links from unknown sources. Always verify the sender and the URL before opening any email or message related to your cryptocurrency accounts.
Monitor your phone service and your cryptocurrency accounts regularly. If you notice any unusual activity, such as losing signal, receiving messages about SIM change, or seeing unauthorized transactions, contact your mobile service provider and your cryptocurrency platform immediately.
Use a reputable and secure cryptocurrency wallet that offers additional security features, such as encryption, backup, recovery, or multisig. Some examples are Ledger, Trezor, or Coinbase Wallet.
SIM swapping is a serious threat that can compromise your online security and privacy. By following these tips, you can reduce the risk of falling prey to this scam and protect your digital identity.