{"id":65027,"date":"2021-04-07T16:15:00","date_gmt":"2021-04-07T23:15:00","guid":{"rendered":"https:\/\/blog.mozilla.org\/foxtail\/?p=65027"},"modified":"2021-10-04T11:24:14","modified_gmt":"2021-10-04T18:24:14","slug":"mozilla-explains-sim-swapping","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/","title":{"rendered":"Mozilla Explains: SIM swapping"},"content":{"rendered":"\n

These days, smartphones are in just about everyone\u2019s pocket. We use them for entertainment, sending messages, storing notes, taking photos, transferring money and even making the odd phone call. Our phones have become essential appendages to life. If you\u2019ve ever physically lost your phone, you know that sinking, desperate feeling of checking all your pockets and bags and fearing\u2026 can someone see my stuff?<\/em> Get ready because there\u2019s another way to lose your phone without it ever leaving your pocket, and it\u2019s called SIM swapping.<\/p>\n\n\n\n

SIM swapping, also called SIM jacking or SIM hijacking, is a form of identity theft where a criminal steals your mobile phone number by assigning it to a new SIM card. They can then insert the new SIM into a different phone to access your other accounts and do real damage<\/a>.<\/p>\n\n\n\n

What is a SIM? <\/b><\/h2>\n\n\n\n

SIM stands for subscriber identity module, and it\u2019s commonly known as that small, removable chip card used in a mobile phone. Each SIM card is unique, and yours is associated with your mobile account. You can pop it out of your phone and put it in another, and your phone number and account data travels along.<\/p>\n\n\n\n

How does SIM swapping happen?<\/b><\/h2>\n\n\n\n

The SIM swapping scam starts with a person impersonating you as they contact your mobile carrier. They will claim that they have a new SIM card to activate for your account. They might say the original phone and SIM card were lost, destroyed or sold with the SIM card left in accidentally.<\/p>\n\n\n\n

The mobile carrier will most likely request some identity verification, such as the account PIN or security questions that you set up, or the last four digits of your social security number. More on this later. Once the criminal has persuaded the mobile carrier\u2019s customer service representative that they\u2019re legit, they\u2019re able to get your phone number reassigned to their SIM. The criminal has essentially disconnected your phone number from your phone and assigned it to their SIM card, which they\u2019ve popped into their device. With that, they can go about resetting account passwords<\/a> and taking control of any two-factor authentication that goes to your phone via text message. They can start accessing a multitude of accounts, email, digital payment systems, social media, shopping, and so on.<\/p>\n\n\n\n

Let\u2019s get back to that detail about your account PIN and last four digits of your social security number. How would someone know this information? This is where things get interesting and show the direction that modern cyber criminals are taking.<\/p>\n\n\n\n

Welcome to the world of data breaches <\/b><\/h2>\n\n\n\n

Over the years, thousands of data breaches have occurred with billions of records stolen, including the April 2021 Facebook data leak<\/a> that impacted 533 million accounts. These numbers are so large, you might be numb to them now. Perhaps nothing bad has ever happened to you personally, and you\u2019ve been able to change your passwords on breached accounts, so you\u2019re safe, right? Not exactly.<\/p>\n\n\n\n

Our research shows that while people are gravely concerned about their bank account and social security information showing up in a data breach, they are less concerned about their name, email address or their birth date. And yet when put together, this is exactly the kind of information that is risky to account security for things like your bank, your medical records, your mobile carrier and any online account.<\/p>\n\n\n\n

Here\u2019s why.<\/p>\n\n\n\n

As the amount of breached data grows, cybercriminals have gotten organized, connecting the various data dumps together to create more full pictures of each individual so they can use it later. Consider the following scenario:<\/p>\n\n\n\n

January 2019: Big Breach A <\/b>
Includes your name, email address, password and phone number. You changed your password on that account and moved on.<\/p>\n\n\n\n

November 2020: Big Breach B <\/b>
Includes your email address, social security number, physical address and date of birth. This was alarming, so you changed your password just to be safe.<\/p>\n\n\n\n

April 2021: Data Scrape C <\/b>
Includes your name, email address, phone number and gender identity. You never heard about this one because it wasn\u2019t a data breach at all. This information was pulled from information you made public through your social media accounts.<\/p>\n\n\n\n

Here\u2019s a simple table view of what they\u2019ve collected:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
<\/td>\n\n

Big Breach A<\/span><\/h3>\n<\/td>\n

\n

Big Breach B<\/span><\/h3>\n<\/td>\n

\n

Data Scrape C<\/span><\/h3>\n<\/td>\n<\/tr>\n

Name<\/td>\nx<\/td>\n<\/td>\nx<\/td>\n<\/tr>\n
Email address<\/td>\nx<\/td>\nx<\/td>\nx<\/td>\n<\/tr>\n
Password<\/td>\nx\n(since changed)<\/td>\nx\n(since changed)<\/td>\n<\/td>\n<\/tr>\n
Phone number<\/td>\n<\/td>\n<\/td>\nx<\/td>\n<\/tr>\n
Social security number<\/td>\n<\/td>\nx<\/td>\n<\/td>\n<\/tr>\n
Physical address<\/td>\n<\/td>\nx<\/td>\n<\/td>\n<\/tr>\n
Date of birth<\/td>\n<\/td>\nx<\/td>\n<\/td>\n<\/tr>\n
Gender identity<\/td>\n<\/td>\n<\/td>\nx<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n

Cyber criminals could now connect these breach records via your email address, which was common in all three, giving them a more complete information picture about you.<\/p>\n\n\n\n

Let\u2019s talk about your mobile account PIN. Do you remember it? According to security researchers, there\u2019s a high probability that your PIN is something easy to remember, like your birthday, birth year, street address or ZIP code. Looking at the above table, the cyber criminal now has that data, and it\u2019s associated with your phone number. They can make a few educated guesses about your PIN to gain access to your account.<\/p>\n\n\n\n

If that doesn’t work, they could simply tell the mobile customer service rep Wow, I set that PIN so long ago, and I have no idea what it is.<\/i> Very believable! No problem, the customer service rep says, just tell me the last four digits of your social security number. BINGO, the criminal impersonator also has that data at their fingertips. The SIM transfer takes a few minutes. When it\u2019s done, you\u2019re kicked out of your phone\u2019s account.<\/p>\n\n\n\n\n

\n \"\" <\/div>\n
\n

Firefox Monitor<\/h3> See if you\u2019ve been part of an online data breach<\/span> <\/div>\n<\/a>\n\n\n\n

How do you know if you\u2019ve been SIM swapped?<\/h2>\n\n\n\n

On your end, your phone might start behaving strangely. Texting and calling may not work. If you’re on WiFi, you might start getting emails about account changes. Friends might tell you that your social media accounts have been hacked. Even worse, unauthorized bank activity could start happening.<\/p>\n\n\n\n

What should I do if I\u2019ve been SIM swapped?<\/h2>\n\n\n\n

If any of this happens, get in touch with your mobile carrier immediately for help.<\/p>\n\n\n\n

How can I prevent SIM swapping?<\/h2>\n\n\n\n

There\u2019s not an easy answer to this question, but there are a few things you can start doing right away.<\/p>\n\n\n\n

  1. Reset the PIN on your mobile account. <\/b>Select a strong, complex PIN that only you will know. Don\u2019t use things like your address, birthdays or social security number \u2014 information that could show up in a data breach.<\/li>
  2. Set your online profiles to be more private.<\/b> In the recent Facebook data leak<\/a>, no passwords or logins were stolen, rather the information collected was scraped from public profiles. Consider doing this for all social accounts \u2014 Facebook, Twitter, Instagram, LinkedIn, TikTok, SnapChat to name a few. Then move onto all your online accounts that have social aspects, like event invitation sites, workout accounts, chats, etc. Set your information as private or viewable only by trusted friends wherever you can.<\/li>
  3. Contact your mobile carrier and ask them what they\u2019re doing to protect you from SIM swapping.<\/b> Your carrier may already have solid protections in place. If not, the more consumers ask service providers for security protections, the more likely they are to happen.<\/li><\/ol>\n\n\n\n

    Don\u2019t wait for a data breach to get smart about your security<\/b><\/h2>\n\n\n\n

    Being alert to security issues like data breaches and SIM swapping is part of modern internet citizenship as we do more with our devices and live online. Here are some more tips:<\/p>\n\n\n\n

    Use <\/b>Firefox Monitor<\/b><\/a>.<\/b> Check to see if your email address has been part of a previous data breach and get alerted to future ones.<\/p>\n\n\n\n

    Choose strong, unique passwords<\/b>. Firefox Password Manager<\/a> can suggest strong, unique passwords<\/a>, save them, and help you manage them whenever you\u2019re logged into your account.<\/p>\n\n\n\n

    Use <\/b>Firefox Relay<\/b><\/a>. Use Relay\u2019s email aliases to break the email address connection between your data in different data breaches.<\/p>\n\n\n\n

    Make your social media accounts more private.<\/b> Part of what makes social media fun is that people share personal stories and info. But that doesn\u2019t mean your account needs to share personal data publicly like your phone number, address, location and birthday (to name just a few things) with anyone who looks for it.<\/p>\n\n\n\n

    Consider using a 2-factor authentication <\/b>device<\/b><\/a> or <\/b>app<\/b><\/a> that doesn\u2019t use SMS or texting.<\/p>\n\n\n\n

    \n","protected":false},"excerpt":{"rendered":"

    These days, smartphones are in just about everyone\u2019s pocket. We use them for entertainment, sending messages, storing notes, taking photos, transferring money and even making the odd phone call. Our phones have become essential appendages to life. If you\u2019ve ever physically lost your phone, you know that sinking, desperate feeling of checking all your pockets […]<\/p>\n","protected":false},"author":727,"featured_media":65028,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[461998,289374],"tags":[4708],"coauthors":[311664],"acf":[],"yoast_head":"\nWhat is a SIM swapping scam and how can you protect yourself?<\/title>\n<meta name=\"description\" content=\"SIM swapping is a form of identity theft where a criminal steals your mobile phone number, and from there can wreak havoc on your account security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/\",\"url\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/\",\"name\":\"What is a SIM swapping scam and how can you protect yourself?\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg\",\"datePublished\":\"2021-04-07T23:15:00+00:00\",\"dateModified\":\"2021-10-04T18:24:14+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\"},\"description\":\"SIM swapping is a form of identity theft where a criminal steals your mobile phone number, and from there can wreak havoc on your account security.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla Explains: SIM swapping\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/en\/\",\"name\":\"The Mozilla Blog\",\"description\":\"News and Updates about Mozilla\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c\",\"name\":\"M.J. Kelly\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g\",\"caption\":\"M.J. Kelly\"},\"description\":\"Mozilla Communications\",\"url\":\"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is a SIM swapping scam and how can you protect yourself?","description":"SIM swapping is a form of identity theft where a criminal steals your mobile phone number, and from there can wreak havoc on your account security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/","url":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/","name":"What is a SIM swapping scam and how can you protect yourself?","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg","datePublished":"2021-04-07T23:15:00+00:00","dateModified":"2021-10-04T18:24:14+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c"},"description":"SIM swapping is a form of identity theft where a criminal steals your mobile phone number, and from there can wreak havoc on your account security.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#primaryimage","url":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg","contentUrl":"https:\/\/blog.mozilla.org\/wp-content\/blogs.dir\/278\/files\/2021\/05\/moz_explains_simjacking_blog_header_1200x800.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/en\/privacy-security\/mozilla-explains-sim-swapping\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/en\/"},{"@type":"ListItem","position":2,"name":"Mozilla Explains: SIM swapping"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/en\/#website","url":"https:\/\/blog.mozilla.org\/en\/","name":"The Mozilla Blog","description":"News and Updates about Mozilla","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/5c987afc4f606be73692d2acfdd1316c","name":"M.J. Kelly","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/70718b02fa9f11d88288b937f1da2ac1","url":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d61ff6a9eb6dd324df20cb773e6c416e?s=96&d=mm&r=g","caption":"M.J. Kelly"},"description":"Mozilla Communications","url":"https:\/\/blog.mozilla.org\/en\/author\/mjkellymozilla-com\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/65027"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/users\/727"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/comments?post=65027"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/65027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media\/65028"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media?parent=65027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/categories?post=65027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/tags?post=65027"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/coauthors?post=65027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}