Scam of the month: SIM card scams

One way to protect against fraud is by using two-factor authentication — for example, when logging into your bank account the bank will send a code to your mobile phone as an extra security measure. But what if a scammer hijacks your mobile phone number to receive the code? That’s what can happen with a SIM card scam.

Consumers using Hiya’s spam protection service through their mobile network operator or device manufacturer have been reporting SIM card scam attempts. When an unwanted call is received, consumers can report it to Hiya and can even write a comment describing the nature of the call, which helps Hiya identify specific scams and block similar calls for all users.

SIM card scams common worldwide

SIM card scams have been reported in many of the countries where Hiya operates, including the US, UK, Canada, Spain, France and Germany. Here’s a sampling of comments from users:

“Said they wanted to send me a 5G ready SIM card. Sent me a text with a PIN number which I read back. I checked with my phone provider who said it was not them and they locked my account.” – Hiya user in the U.K.

“Call from a scammer. He wanted my SIM card number.” – Hiya user in Canada

“My identity was stolen! I just changed my phone # and SIM. Hacker hijacked all of my emails and has control of my phone.” – Hiya user in the U.S.

SIM card scams seem to be especially common in the UK. Many users reported a scam that works like this: A fraudster calls claiming to represent one of the major mobile phone providers in the UK, stating that the customer needs to replace their SIM card. The caller might claim the current SIM needs to be updated to newer technology, or that it’s necessary because of a merger with another mobile network operator. Then the caller requests the user’s email address and sends the user a code, which is actually a password-reset code. If the user reads the code back to the scammer, the scammer can then change the password on the account and take control of the mobile phone account.

SIM cards can be a physical card inserted into a mobile phone, or embedded into the phone itself as with an eSIM card. SIM cards contain a unique ID that links to the account owner’s phone number and they store personal and calling data. 

Many types of SIM card scams

There are many types of SIM card scams. Here are some of the most common ones:

Port-out scams – It’s perfectly legal to “port out” your mobile phone number, for example when you switch to a new mobile network operator or lose your phone. However, scammers may try to impersonate you to convince your phone provider to port out your number to a phone they control. According to the US Federal Communications Commission, “This typically begins a race where the scammer, by receiving the victim's private texts and calls, tries to reset the access credentials for as many of the victim's financial and social media accounts as possible before the victim realizes they have lost service.”  

SIM swapping – “SIM swapping” is a term that often means the same as a port-out scam, but sometimes it refers to the physical swapping of a SIM card from one device to another. For example, a stranger might ask to borrow your phone to make an urgent call, but while you aren’t looking they may swap your SIM card for one of their own. Once they have your SIM, they control your mobile number.

SIM splitting – SIM splitting (also known as cell phone cloning) is where a scammer replicates the ID of a legitimate mobile number. According to the FCC, “Every cell phone has a unique factory-set electronic serial number (ESN) and a mobile identification number (MIN). A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another cell phone. Scammers can steal ESN/MIN combinations by illegally monitoring the radio wave transmissions from the cell phones of legitimate subscribers. Scammers can then run up expensive toll charges and the legitimate phone user gets billed for the cloned phone’s calls.”

How to protect against SIM card scams

How can you protect yourself against SIM card scams? The CTIA, which represents the U.S. wireless communications industry, recommends these steps to avoid SIM scams:

  • Establish a PIN on your mobile phone account that is required for account access.
  • If you stop receiving any calls or texts, and you don’t know why, contact your wireless provider immediately.
  • Limit sharing your phone number in situations where it might be widely posted or distributed.

But the best way to protect against SIM card scams is to block fraud calls before they ever reach your phone.

For mobile network operators, there’s Hiya Protect, a complete call protection solution that enables mobile network operators to block fraud calls and label suspected nuisance calls to protect subscribers.

For individuals who do not have spam protection through their mobile network operator, there’s the Hiya Spam Blocker app, which can be downloaded from the App Store and Google Play.  

For business professionals and employers with bring-your-own-device policies, Hiya recommends the Hiya AI Phone app, which features AI-assisted call screening, AI-voice and deepfake protection, and real-time scam protection that provides on-screen warnings when it detects language and tactics used by scammers.