Mechanics of a SIM Swap Scam

Sim Swap scams are sophisticated and malicious tactics employed by fraudsters to gain unauthorized access to a victim's phone number and exploit it to access financial institutions using two-step authentication, among other things. Specifically, the scammer gains access to incoming texts and calls by convincing carriers to change the phone identified with an account, and can initiate a log-in reset or new log-in from a different device if the password is known. This scam is often done in connection with hacking crypto accounts because, once the account is hacked and the crypto is transferred out of the wallet, it is virtually impossible to economically recover the lost crypto.

Here's a step-by-step description of how fraudsters execute a Sim Swap scam:

1.???Gathering Personal Information: Scammers begin by collecting personal information about their target through various means. This may involve conducting extensive online research, utilizing social engineering techniques to gather information directly from the victim, or purchasing stolen data from the dark web. They gather details such as the victim's full name, address, date of birth, and mobile service provider.

2.???Impersonating the Victim: Armed with the collected personal information, the scammer contacts the victim's mobile service provider while posing as the victim. They may choose to call the customer service hotline or engage in online chat support, using various tactics to appear convincing and legitimate.

3.???Manipulating Customer Service Representatives: The scammer's objective is to deceive customer service representatives into assisting with the Sim Swap. They may use social engineering techniques, such as pretending to be a victim experiencing network issues, claiming a lost or damaged SIM card, or requesting an upgrade to a new device. They provide the victim's personal information to gain credibility and convince the representative of their authenticity.

4.???Initiating the Sim Swap: Once the scammer successfully convinces the customer service representative, they request a Sim Swap. This involves transferring the victim's phone number from their current SIM card to a new SIM card in the fraudster's possession. The fraudster may provide a plausible reason for the Sim Swap, such as upgrading to a new device or resolving network-related issues.

5.???Verifying Identity and Ownership: To validate their claim of being the legitimate account holder, the scammer may be required to provide additional information to the customer service representative. This can include answering security questions, providing the victim's social security number or other sensitive details, or even manipulating call center employees through social engineering techniques.

6.???Temporary Disruption of Service: During the Sim Swap process, there may be a temporary disruption of service on the victim's phone. This can include loss of signal, inability to make or receive calls or texts, or other indications of network issues. This disruption is often used as a distraction to prevent the victim from becoming immediately aware of the scam.

7.???Gaining Unauthorized Access: Once the Sim Swap is successfully executed, the fraudster gains control over the victim's phone number. This allows them to intercept incoming calls and text messages intended for the victim, including two-factor authentication codes, verification messages from banks or financial institutions, and other security measures.

8.???Exploiting the Access: With access to the victim's phone number, the fraudster can bypass security measures and gain unauthorized access to the victim's online accounts. They may proceed to exploit this access by logging into the victim's bank accounts, email accounts, social media profiles, or other online platforms. They can initiate unauthorized transactions, change account passwords, or manipulate personal information to their advantage.

Common signs of a SIM Swap scam include service changes with your mobile provider, an inability to send or receive texts and phone calls, security notifications on your account, and lack of access to your mobile apps.

It's important to note that Sim Swap scams are illegal and highly detrimental to the victims. Taking proactive measures to protect personal information, implementing strong security practices, and being vigilant for any signs of suspicious activity can help mitigate the risk of falling victim to such scams. If your crypto wallet or other account has been hacked, you should check with your service provider about whether there have been any changes to the phone identified with your account.

About the author:?Aaron Cohn is a partner with the law firm Weinberg Wheeler Hudgins Gunn & Dial. His practice focuses on business, investment, and employment disputes. Mr. Cohn may be contacted at [email protected] or (305) 455-9133.