How SIM Card Hijacking Works

Last month a hacker who stole $5 million resulting from SIM Hijacking was sentenced to 10 years in jail. In the end, SIM Hijacking or SIM Swapping results in your phone number being taken. Your phone number is the key for 2-factor authentication and other verification processes.

Only one SIM card can be associated with a phone number. This puts the victim in the dark after it is stolen. The phone number has become the golden ticket for access. This makes it extremely sought-after for those attempting to extort money, steal handles or steal.

Here are the simple steps that are being used in the fraud:


1. Get Personal Data

Your personal info is obtained by a fraudster via some means. Data leaks have exposed millions of personal records. Obtaining the last four a social security number or a bit of information from a security question is all that is needed to make an attempt.

2. Convince a Carrier 

The fraudster uses personal info to convince mobile carrier to switch from current SIM to new SIM. There is even evidence that works at the carriers have been bribed or coerced to make the switch.

3. Take Over

With control of new number, fraudster logs into accounts by using two-factor authentication or one-time passwords. Requiring a phone number was supposed to give solid security for password retrieval and access. That trust given to a phone number has been used against the system.

3. Profit

The compromised accounts might be ransomed or used for other nefarious purposes. Accessing the financial records or others accounts are the most direct route to loss. People with high-value social media handles have been extorted to give those up. The phone number might be ransomed for Bitcoins.


The first thing someone concerned should do is call their carrier. Many carriers offer the option to require a PIN for switching SIM cards. Calling your carrier and setting up this PIN or notifying them of your concern for this hacking technique can prevent it from happening. 

Book a Free Consultation

Want to know how this relates to your situation or company? Book a free consultation with a CIPHER expert.

*** This is a Security Bloggers Network syndicated blog from Cipher Cyber Security Blog authored by Bill Bowman. Read the original post at: