Cell phones contain a removable card, known as a Subscriber Identify/Identification Module (SIM) which stores personal information. Swapping or SIM Hijacking is a sophisticated form of fraud where cybercriminals gain control of a victim's phone number by convincing the mobile carrier to transfer it to a SIM card under their control. Attackers often collect personal information from social media or use phishing techniques. Common security questions (e.g., birthday, mother’s maiden name, high school attended) can be easily answered by browsing the victim’s online profiles. The consequences of a successful SIM swap attack can be severe. In many instances, a successful attack against an individual’s banking, brokerage, retirement, or other accounts is irreversible, resulting in permanent loss of assets.

To mitigate the risks associated with SIM swapping, the following are recommended:

1.     Contact Your Mobile Carrier and enable proactive protections: Contact your mobile carrier to inquire about additional security measures they offer to protect against SIM swapping. These may include PIN, passwords, or other authentication methods to verify your identity before making any changes to your account.

2.     Enable Extra Security Features including Multifactor Authentication: Take advantage of any security features provided by your device and applications, such as biometric authentication (fingerprint or facial recognition) and app-based authentication methods like Microsoft Authenticator.  

3.     Monitor Account Activity: Regularly review your mobile carrier and bank account statements for suspicious activity, such as unauthorized SIM card changes or unexpected charges. Promptly report any discrepancies to your carrier and financial institution.

4.     Keep your devices and apps updated. Regular updates often include security patches that can protect against known vulnerabilities.

5.     Educate Yourself and Colleagues: Stay informed about the latest cybersecurity threats and best practices for safeguarding personal and professional information.

6.     Implement Strong Passwords: Ensure that all accounts associated with your personal and professional life have strong, unique passwords.

7.     Exercise Caution Online: Be cautious when sharing personal information online, especially on social media and public forums. Cybercriminals often gather information from these sources to facilitate targeted attacks.