SIM Hijacking: What You Need to Know

- by Rachel Lee
SIM Hijacking: What You Need to Know

A constant (and growing) threat looms around anyone with valuable accounts. If that isn’t bad news yet, what’s even worse is that your data might fall into the wrong hands due to the essential thing that you own: your mobile number.

Anyone could easily fall victim to malicious hackers who plot attacks on mobile networks or trick them into providing your phone number to steal information such as usernames and sell them for money. News has brought to light a group of cyber-criminals that employ a technique known as SIM swapping (also SIM hijacking) to steal Bitcoin, other cryptocurrencies, and social media accounts.

With its simple and low-traceability scheme, the “port out scam” has easily spread like wildfire. It proved a highly lucrative technique employed by criminals now targeting Bitcoin and other cryptocurrency accounts.        

What is SIM Hijacking?

For an individual to access another person’s usernames, accounts, and other credentials via SIM hijacking, they first need to have a phone number linked to these pieces of sensitive information. Therefore, once hackers have breached or tricked cell phone network systems into providing them with users’ phone numbers, they would contact the victims’ cell phone numbers to request new SIM cards.  The hackers would then link the user’s phone number to the new SIM card and reset all passwords of the user’s bank, crypto, investment, email, and social media accounts and those linked to Amazon, Netflix, eBay, and Hulu. The target would lose control over their data and activities on these accounts by doing so.

Mobile networks are partly to be blamed for this, too. One is because they efficiently provide cell phone numbers to such entities. And two, for being quite reluctant when requesting data on the prevalence of SIM hijacking.

Setting up two-factor authentication for an account typically entails providing your cell phone number so that you can receive unique codes to use each time you log in after entering your username and password. The code may also be sent to your email. Since two-factor authentication has become so common, hackers now have another challenge to accessing your information – they need your cell phone number, too.

Almost everyone is susceptible to having their SIMs stolen, but since it's not the most straightforward attack to execute, only a limited number of users can be targeted at once. While those with high-profile social media profiles, easily accessible personal information, or valuable financial accounts are undoubtedly exposed, this problem can also affect regular people with a basic understanding of online security. Regrettably, many airlines, businesses, and financial institutions still need to implement complete security measures to stop this. Even if additional layers of security protect client information, the attackers may have insider collaborators funneling customer information to hijackers. Yet, there are a few options available to you. 

Two-factor authentication (2FA) is an excellent approach to protect your accounts, but it's only partially secure if it's done over SMS. Although SIM hijacking, also known as SIM shifting, has been practiced for some time, it is now much more common to steal phone numbers and use them to access accounts since our financial identities are moving increasingly online. As phone carriers gradually tighten their security measures and as 2FA apps like Google Authenticator and Authy gain popularity, it's becoming more challenging to pull off, but as of 2018, it still needs to be solved.

What are the ways to Protect yourself from SIM Swapping?

People can’t sit idly by because it doesn’t take highly qualified individuals with social engineering tools and tech backgrounds to pull off such a highly-damaging scam on virtually almost anyone they get their phone numbers from. Therefore, everyone must employ all security and protective measures to keep scammers at bay and away for good. Here are some tips on how we can all avoid falling victim to SIM swapping. Follow these tips to secure your SIM card and your personal information to prevent SIM hijacking.

1.    Toughen SIM-based Accounts

The first relies on mobile networks to develop more complex security features, making it harder for hackers to access phone numbers and take over phone-based accounts.

2.    Do not Link your Phone Number to your Online Accounts

Avoid supplying information in any (online) account that would ultimately lead to your phone number, which hackers could target using the SIM hijacking scheme. Once hackers get a hold of something as basic as your phone number, they can easily access your other online accounts.

3.    Always update your Phone Security Settings

SMS-based verification protocols are not nearly as secure as you were made to think. Instead of this method, use token-based 2FA to heighten your defense against SIM-based threats and scams. With something as simple as a phone number, a hacker can creatively meddle with and steal even your most privileged information that could damage you. Even if they don’t interfere with your accounts, hackers can easily blackmail you with information that would most damage your work or personal identity for their gain.

Either way, falling victim to such a malicious act would be the worst spot you’d want to be in. While there are plenty of factors that must be considered to counter scams such as SIM hijacking, especially with the angle of mobile carriers, one cannot be too cautious in securing their safety by other means, such as the use of a reliable VPN like VPN Surf when going online for any personal or work-related activities.

You need to be more secure even with a PIN, authenticator app, and VoIP service because PINs can be lost or stolen, authenticator applications are only sometimes supported, and some providers won't allow you to utilize VoIP. The best you can often do in the always-changing world of cybersecurity is position yourself appropriately, keep a watch out for questionable activities, and respond swiftly if anything happens. The more secure you are, the less likely it is that someone will choose you as a target, and the quicker you react, the less likely it is that you'll lose a few dollars or Instagram accounts.


Sim hijacking is a severe threat that can have terrible consequences for victims. Being vigilant and taking precautions to protect yourself is more important than ever because hackers constantly change their strategies. You can significantly lower your risk of becoming a victim of a sim hijacking attack by taking the preventative steps recommended in this article, such as using strong passwords and turning on two-factor authentication. It's critical to immediately alert law enforcement and your mobile carrier if you think your sim has been affected. You can avoid sim hijackers and protect your personal information with the correct information and precautions.

Read more blogs about security here: 



Do you value your privacy online?

Use VPN Surf and surf safely and securely in the open waters of the internet.

What do you think about this post?