The FBI Warns SIM Swapping Attacks Are Rising. What’s That?

March 18, 2023 • Zachary Amos


While SIM swapping attacks are just one kind of cybercrime, 2022 saw them increasing in frequency along with most other types of digital fraud. In fact, the FBI even released an alert to warn people. Here’s what you need to know.

What Is the FBI Warning About?

In February 2022, the Federal Bureau of Investigation (FBI) issued Alert Number I-020822-PSA on SIM swapping attacks. It’s entitled “Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public,” and it comes amid a general increase in cybercrime across the globe.

Cybercrime is the gravest threat to business of all fraud types, according to the World Economic Forum. The Insurance Information Institute says that 47% of American citizens experienced some kind of financial identity fraud or theft in 2020. Globally, cybercrime will carry a $10.5 trillion price tag annually by 2025.

Why Are SIM Cards Useful in Hacking Attacks?

This kind of cybercrime is also called a SIM swapping hack. So, what’s a SIM swapping hack?

Actually – first – what’s a SIM card? You probably know its function, but what does it actually do, and why would a hacker take an interest in it?

The acronym “SIM” stands for “subscriber identity module.” This small chip contains information about your phone and its capabilities, including:

  • Its phone number
  • The type of data it can send and receive
  • The network infrastructure it’s authorized to connect to.

If you remove the SIM card from your phone, you won’t be able to connect to your cellular network – only Wi-Fi. Suppose you replaced the SIM card in somebody’s phone with an altered SIM card. How would that affect cybersecurity? What could you do with that kind of access?

What Are SIM Swapping Attacks?

SIM swapping attacks are as simple as they sound, at least in theory: Whether by stealth or by social engineering (convincing you to do it, or to let them do it), the hacker will replace the authorized SIM card in your phone with an altered one.

With this accomplished, the phone would then begin forwarding all received text messages, calls, and requested mobile data to the hacker’s phone.

There’s another danger, too, concerning two-factor authentication (“2FA”), also known as multi-factor authentication (“MFA”).

Because the networks divert the target’s calls and text messages, they also divert any requests for one-time 2FA codes. In other words, SIM swapping attacks are a perfect way for hackers to circumvent “Forgot My Password” features.

The ultimate result of this level of access could be multiple compromised accounts. Once the criminal uses 2FA to get into the victim’s online accounts, they can change the passwords and lock out the authorized user. They might repeat this process for as long as the fake SIM card goes undiscovered.

What Does This Mean for Smartphone Users?

For precisely this reason, Microsoft has been warning consumers that using phone numbers for 2FA and account recovery is no longer safe. The FBI has now echoed those sentiments in its February 2022 PSA.

Everybody who owns a smartphone should know how to protect themselves. Here’s how, according to the FBI:

  • Do not reveal details about financial or cryptocurrency assets anywhere online, like forums or social media.
  • If somebody on the phone requests passwords, phone numbers, PIN numbers, or similar credentials, decline to provide them. Verify on the official website for the party you’re trying to reach that the number you’ve called (or been called by) is legitimate.
  • Use unique passwords for all of your online accounts.
  • If anything looks off or suspicious about the way SMS connectivity is functioning in your smartphone, take it to an authorized location to get it evaluated.
  • For 2FA/MFA purposes, use biometrics, physical tokens, and third-party authentication apps instead of phone numbers for the most robust security possible.
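
The following is an added example, not part of the original article or the FBI alert. It audits an account inventory and flags every account where a phone number is a 2FA factor or the recovery channel, which is the exposure described above. The inventory format, method names and risk labels are assumptions made for the example.

```python
import csv
import io

# Constructed sample inventory (not real accounts): one row per online account,
# listing enrolled 2FA methods and the account-recovery channel.
SAMPLE_INVENTORY = """account,mfa_methods,recovery
bank,sms,sms
email,totp_app,sms
exchange,totp_app;hardware_key,backup_codes
social,,email
cloud,sms;totp_app,email
"""

# Assumed labels for factors that depend on control of the phone number,
# so a SIM swap diverts them to whoever holds the number.
PHONE_BOUND = {"sms", "voice_call"}


def assess(row):
    """Return (risk, reason) for one account row."""
    mfa = {m for m in row["mfa_methods"].split(";") if m}
    recovery = row["recovery"]
    if not mfa:
        return "HIGH", "no second factor enrolled"
    if mfa <= PHONE_BOUND:
        return "HIGH", "every second factor is tied to the phone number"
    if recovery in PHONE_BOUND:
        # A strong factor does not help if "Forgot My Password" goes over SMS.
        return "HIGH", "recovery over the phone number bypasses the stronger factor"
    if mfa & PHONE_BOUND:
        return "MEDIUM", "phone-number factor still enrolled as a fallback"
    return "LOW", "no factor or recovery path depends on the phone number"


def audit(inventory_csv):
    """Map each account name to its (risk, reason) pair."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["account"]: assess(row) for row in reader}


if __name__ == "__main__":
    for account, (risk, reason) in audit(SAMPLE_INVENTORY).items():
        print(f"{account:10} {risk:6} {reason}")
```

The `email` row is the case that is easy to miss: an authenticator app is enrolled, but password recovery still goes to the phone number, so the account remains exposed.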

If you suspect that a SIM swapping attack has successfully targeted you, contact your mobile carrier immediately to take back control of your phone number.

You’ll also want to change your online accounts’ passwords. It will be a hassle, but err on the side of caution. You don’t know what hackers might access.

Because SIM swapping begins with a physical act, the FBI also requests that you contact a local field office to report the event. Every report makes it likelier that authorities will find and stop the perpetrator.

What About the Newest iPhones and Smartphones Without SIMs?

The iPhone 14 series has no physical SIM card slot. Instead, it uses eSIM, or electronic SIM. eSIM embeds the data that would otherwise reside on the physical SIM card into the phone.

There are some advantages to eSIM – including what we’re talking about today. eSIM is more secure because hackers can’t remove it. The lack of a physical SIM tray means hackers have nothing to tamper with.

Switching carriers and adding extra lines is more manageable, too, because you can have multiple eSIMs (on compatible phones) instead of needing a smartphone with more than one SIM tray.

Some carriers don’t support eSIM yet. And eSIM can be a problem for travelers going to countries with just one compatible carrier. In such cases, the cost of an eSIM activation and subsequent service plan could be far higher than the average prices for carrier service.

Technologists predict that smartphones without physical SIM cards could present a headache for users, as well as carriers, before things become standardized and prices for eSIM activations achieve parity with normal carrier services.

Now You Know About SIM Swapping Attacks

Maybe you’ve upgraded already and don’t need to worry about SIM swapping attacks. For the rest of us, it’s worth heeding the FBI’s warning. Don’t leave your smartphone unattended. Be on the lookout for strange SMS behavior. Use strong passwords and don’t give them to anybody. Know how to spot phishing attempts. As always, an ounce of prevention is more valuable than a pound of cure.