41
Sim swapping is an attempt by fraudsters to obtain sensitive data. Read here how the scam works and how you can protect yourself against it
Sim swapping: How the scam works
The mass spread of the “Bundestrojaner” at the latest raised public awareness of viruses, worms and hacker attacks. A lot of time has passed since then and fraudsters have developed a variety of scams – such as cloning professional websites – to obtain their victims’ data. One of these is “sim swapping”. This works as follows:
- According to current statistics, 81.8 percent of the population in Germany own a smartphone and almost everyone uses apps on them – everything from social media to online banking is included.
- Many services have integrated “two-factor authentication” for protection. This means that a randomly generated code is sent to the telephone number (often by SMS), which must be entered after the password – only then can the portal be used.
- Sim swapping (also known as SIM hijacking or SIM swapping) is used by hackers to gain access to the SIM card (and therefore also to the portals).
- The first step is to collect data such as the victim’s date of birth, name, place of birth, telephone number and home address. The first port of call for this is social networks – but the hacker can also obtain the data through phishing.
- The fraudster then has to obtain the SIM card. To do this, he presents himself as the victim to the mobile phone provider and tries to obtain a new SIM card.
- Hackers have an easier time with models with eSIM (e.g. the last four iPhone generations), as they only need access to the smartphone in such cases and can then overwrite the profile.
Affected by the SIM swap: Act immediately
SIM swap has become a popular scam when it comes to obtaining personal data. If you are affected, you should notice this and act accordingly:
- If you receive emails about unusual activity, this is the first sign that your SIM card has been intercepted. If you are also no longer able to log into any services or make any calls or text messages, this is even more likely
- First of all, you should contact your provider and have the card blocked. Repeat this with the portals you are registered with and change your passwords there.
- You should also contact your bank and inform them of the hacker attack – this way, transactions can be monitored.
- You should also store a customer password with your mobile phone provider (Deutsche Telekom has even enabled voice recognition since 2018). You should also use FaceID or fingerprint activation on your smartphone (instead of texting)
