Your mobile phone line is the artery through which data, calls and texts flow. It is also used to prove you are who you say you are for a plethora of accounts, from banks to messaging services.
But if it gets hacked or stolen, in what is known as a “sim swap” or “simjacking”, the consequences can be far worse than just being cut off from mobile data or calls. Unfortunately it is the kind of hack you don’t see coming. It happens in the background, with hackers using your personal data such as date of birth and address to con your network provider into swapping your phone number to a new sim in their possession.
If that happens it is important to act as swiftly as possible. Here’s what to do.
Keep an eye on notifications from your mobile network, which are usually delivered by SMS. These include information about activity elsewhere and alerts of change requests, such as your phone number being activated on another device.
Be aware of scams. Fraudsters may and try to trick you out of information using fake notifications. If you receive a message asking you to get in touch, double-check that any number you are given is legitimate before calling, or use a number from the provider’s website or a bill.
Any loss of service that prevents calling, texting or accessing mobile data and is not explained by outages or missed payments may be a sim-swap attack.
Loss of access to various accounts such as your bank or social media linked to your phone number could indicate hackers are in the process of trying to break in or have already changed your password and stolen the account.
Frequently review statements and account for unexpected charges, which may be a sign that you’ve been hacked.
Call your provider on the customer service number listed on its site using another phone. Have your phone number and details ready, including any account passwords you may have set. Explain what has happened and make sure your provider begins the recovery process and investigates how this has happened.
Ask your provider to block any “charge to bill” activity.
Contact your bank, crypto and other financial services immediately to ensure the hackers cannot get into your other accounts, which are typically their primary targets.
Contact your immediate family and anyone who could fall victim to a scammer pretending to be you and texting from your number.
Check any account you use your phone number for two-step verification. Change the two-step method if you can and set a new strong password.
Check your WhatsApp and other messaging services that use your phone number as the user ID.
Activate any and all security measures on your provider’s account. This includes using a strong password and two-step verification, and setting a sim pin on your phone, as well as adding a telephone customer service password and a sim transfer pin, if available.
Find out from your provider how the hack happened, and if possible, what personal data was used to break into your account. Consider using fake security question answers that cannot be guessed rather than real ones, just make sure you store them safely such as in a password manager.
Set a spend cap on your phone account.
As soon as you are sure you have full control again, reactivate two-step verification on your accounts and transition any that you can to authenticator app-based two-step verification, which is more secure.
Set pins on messaging services such as WhatsApp or Signal to make it much harder for someone else to register new devices or take over your account.
Contact your financial services providers to reactivate your accounts but keep watching out for fraud and query any unexpected transactions.
Look at your social media and other public-facing accounts for any information that could enable criminals to steal your identity to perform hacks such as this.