If you don't know what SIM swapping is, it's a way for thieves to gain control of your phone by obtaining a SIM card assigned to your phone line and inserting it into their own phone. Once this is done, the thief changes various passwords and login credentials, locking you out of your own device. The attacker gains free access to your financial apps, transfers your money to their own accounts, and rips you off. You may think you're protected because you have two-factor authentication (2FA) that sends a code that must be entered correctly before an app opens, but that's not the case.
Once the attacker inserts your SIM card into their device, all 2FA notifications go to them, allowing the criminal to enter the correct code. This confirms your identity to a financial institution, even though you are not the one in control of the activity on your phone.
How does a thief get a SIM card that gives him control of your phone?
So how does a scammer get your SIM card? One way is for them to go into a mobile operator's retail store and pretend to be you, asking for a new SIM card. Hopefully most employees will ask for ID first, but we've heard of some cases where no photo ID was requested. Another, even creepier method is for an employee to hand over a new SIM card to someone pretending to be you because they were paid well to do so.
Earlier this year, some T-Mobile employees received text messages asking them to help swap SIMs for T-Mobile customers.
“I later called and asked for a supervisor and demanded that the investigation and results be made available to me. (On the day the incident occurred, the employee told me it was conducted by a store employee) so it was clearly an insider action. The supervisor said they couldn't announce any disciplinary action due to security and privacy reasons and I thought to myself, you obviously don't give a damn about my safety and privacy.” @jaylin0130
The T-Mobile employee the account holder spoke to abroad told him that it was an “inside job” and that an employee of the store was responsible for the actions that led to his brother becoming a victim of a SIM swap. Although this happened last year, the account holder only recently received a letter from T-Mobile confirming that a SIM number assigned to his account had been changed without authorization.
T-Mobile admits that one of its customers fell victim to a SIM swap attack. | Image credit: @jaylin0130
The letter from T-Mobile said the customer's SIM card and mobile number were “temporarily linked to an unauthorized device” without the account holder's consent. The carrier goes on to say in the letter that it repaired the SIM card and ensured it was reassigned to the correct device.
T-Mobile has some suggestions to strengthen your protection against SIM swapping
Given that this T-Mobile account holder was informed that an insider was involved in the SIM swap, this should be a warning to any cell phone user to act quickly if they receive a notification that their SIM card is no longer linked to their account number. Another indication of a possible SIM swap is the inability to make or receive a call or send or receive a text message on your device. If this happens to you, immediately get a working phone, call your cell phone provider and tell them you are the victim of a SIM swap.
To better protect your account, T-Mobile suggests that you update your account with unique and secure PINs and passwords. You should also visit the T-Mobile.com page to review and improve your security options. You should also use facial recognition and multi-factor authentication on your device, although the latter may no longer help if a SIM swap attack has already taken place.
T-Mobile now offers a SIM protection feature
To show you how poor SIM card security is in the mobile industry, the first time the brother's phone line was attacked, he was able to get a new SIM card even though he was not an authorized user of the account. Be alert!
T-Mobile now has a SIM protection feature that you must disable before transferring a SIM or eSIM to a new device. If the feature is not disabled, a SIM swap will not go through. The feature does not work for eSIMs used with iPhone models. T-Mobile Postpaid subscribers must register with the T-Mobile app or T-Mobile.com using their T-Mobile ID. While you can add SIM protection as an authorized user, only the primary account holder can remove the feature.
To add this feature to T-Mobile Prepaid accounts, sign up at T-Mobile.com with the primary line's T-Mobile ID.