SIM swap scam: what you should know

Fraudulent text messages. Bad apps. Unsafe Wi-Fi networks. Unfortunately, the list of possible threats that can impact our mobile devices, and ultimately our online security and privacy, continues to grow. The latest scam that Canadians are being warned about is referred to as “SIM swapping”. Here’s what you need to know to help keep your device and data safe.

What exactly is SIM swapping and how does this scam work?

SIM cards are small removable cards that slide into our mobile devices. SIM stands for Subscriber Identity Module and the circuits contained within the cards connect our phones to our phone numbers. SIM swapping is a process by which a mobile subscriber transfers their phone number onto a new SIM card. Mobile users could have a legitimate need to do this, for instance, if they are switching mobile carriers or if they’ve lost their phone.

Established by the Canadian Radio-television and Telecommunications Commission, or CRTC, to help enable mobile users to more easily switch mobile service providers while retaining their number, fraudsters are using the relatively simple SIM swap process and guidelines to their advantage. Unfortunately, they are requesting unauthorized SIM swaps from mobile service providers or issuing requests to port (or transfer) victims’ phone numbers to different providers, all with the intention of gaining access to their victims' phone numbers. Once they gain control of the victim’s number and/or it is successfully connected to their device, the fraudster will begin receiving any calls and texts placed to the number. They can also use the password reset feature to gain access to any online accounts that have been linked with the mobile phone number - be it email, social media, online bank accounts and more.

How can I protect myself against this threat?

Protect your information

Limit the amount of personal information about you online; fraudsters can use this information to verify your identity when attempting to swap your SIM. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information.

Guard your phone number

Don’t add your phone number to any online accounts where it is not necessary. The fewer accounts you have associated with your number, the lesser your risk.

Use strong and unique passwords for each of your accounts

Using the same password across multiple accounts is a hacker’s jackpot. When you use the same password across different accounts, remember that once they successfully hack one account, they’ve hacked them all.

Set up authentication methods that aren’t text based

Often, online accounts will require you to set up two-factor-authentication (2FA) for added protection; with 2FA, you need to authenticate yourself with something in addition to your username and password, such as a code that is sent to your device by text. With SIM swap fraud on the rise, you may want to use something other than your phone number for 2FA like an authenticator app or security key.

Know the signs

You may be a victim of this scam if your phone stops working properly - for instance you won’t be able to send or receive texts and phone calls. You may also receive a notification advising that your phone number has been activated with another provider and/or notice that you can no longer log in to your online accounts.

Trust your gut and respond quickly

If you think something is awry and/or if you can’t make or receive phone calls on your device, contact your wireless provider immediately.

Additionally:

• Report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501.
• Notify your bank and credit card companies.
• Contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free:1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

Just as it is important for mobile subscribers to take the necessary steps to protect themselves, wireless providers are also helping to mitigate the risk of unauthorized SIM swaps. From a TELUS perspective, SIM swap support requests are no longer supported by TELUS Call Centres; instead, customers are requested to log into My TELUS or go to a TELUS store for assistance. Additionally, when TELUS receives a request to port a mobile number to another carrier, TELUS will send an SMS notification about the request, providing customers with the opportunity to contact TELUS should the request be unauthorized. Customers can also contact TELUS (or any alternate mobile service provider) to discuss additional security controls that may be available.