How Bad Is a Hacked or Stolen SIM Card?
Your SIM card plays a crucial role in online security. Each one is individual and tied to your personal account. If someone gains access to your SIM card data, they can take control of almost any protected account you hold — including your bank accounts.
That’s how scammers stole more than $68,000 from a 64-year-old woman in Miami [*]. Without her knowledge, fraudsters convinced Wei Shen’s service provider to give them a new SIM card in her name.
In only a few hours, they broke into her bank account and wired her retirement fund to an account they controlled. By the time Wei arrived at the store to get a new SIM card, the money was long gone.
SIM card attacks are surging in popularity. According to the latest FBI Internet Crime Complaint Center (IC3) report [*]:
There were more than 1,500 reports of SIM swapping last year with Americans losing nearly $68 million in damages.
In this guide, we’ll explain how scammers can steal your SIM, how to tell if it’s been hacked, and what you can do to protect yourself against SIM card scams.
How Do Scammers Steal Your SIM?
Scammers don’t have to gain physical access to your phone in order to access your SIM card.
Instead, SIM swap scams occur when fraudsters pose as you and trick your phone carrier into providing them with a SIM in your name. This gives them access to your phone number — and, potentially, your online accounts and data.
Here’s how the scam works:
- Scammers steal your personal information. SIM swaps require scammers to steal your identity in order to convince your phone carrier that they’re you. Scammers may target you first with phishing emails or keylogging malware. But in most cases, they simply buy your sensitive information off the Dark Web after it’s been leaked in a data breach.
- Then, they contact your phone carrier. The fraudsters need to provide enough information to pass your network provider’s authentication process and answer security questions. This could include your Social Security number, home address, and other information. They can do this online, over the phone, or by walking into a local store and purchasing a new SIM in your name.
- Next, they use the new SIM to take over your phone number. Once the “swap” is complete, the scammers activate the new SIM and take over your phone number. At this point, your current SIM will stop working.
- Finally, they use “your” phone to break into your online accounts. With access to your SIM card, scammers can achieve the same results they would from stealing your phone — but with less risk.
This is the most common way scammers steal SIM cards — but it’s not their only method. Criminals could also steal your phone or use sophisticated techniques like SIM cloning or technical spyware exploits [*].
What Can Someone Do With Your SIM Card?
SIM swapping — also known as SIM jacking — is often the first step in larger scams. Once fraudsters gain access to your mobile device, they can use it to defraud you in multiple ways:
Gain access to your phone number and impersonate you
Scammers can use your SIM card to make calls, send SMS messages, and post to social media accounts on your behalf. Hijacking your phone number may be the first step towards completely taking over your digital life.
In one famous example, hackers compromised former Twitter CEO Jack Dorsey’s phone and used Twitter’s text-to-tweet service to impersonate the company leader [*].
Intercept two-factor authentication codes for your accounts
Using two-factor authentication (2FA) is one of the best ways to secure your accounts. However, if you receive 2FA codes via SMS messages and your SIM card gets hacked, scammers can intercept them — and break into your online accounts.
Whenever possible, try to use an authenticator app such as Authy instead of SMS for 2FA codes.
Monitor your phone calls and messages
Cybercriminals can also use a hacked SIM card to receive or monitor your calls and texts. They could sit in the shadows and wait to uncover sensitive information that they can use to scam or blackmail you.
One of the worst outcomes of a SIM swap attack is doxxing — when someone posts harmful information about you online. According to the Pew Research Center, 41% of Americans have experienced some form of doxxing in their lives [*].
Use your phone number to run scams on your contacts
A hacked SIM card also gives scammers access to your full contact list — putting your friends, family, and colleagues in danger. Fraudsters can pose as you and ask people you know for money or sensitive information that they can use to further scam them.
Access your bank, crypto, and other financial accounts
Many financial services use SMS messages to authenticate user logins. Attackers can use your SIM to reset your passwords and gain access to financial accounts.
This is how New Jersey resident Vibhor Jain lost about $45,000 worth of cryptocurrency [*]. Someone took out a new SIM card in Vibhor’s name and used it to access his Coinbase account. It took only minutes for cybercriminals to empty Vibhor’s accounts and disappear with the money.
⛳️ Related: Are Crypto Recovery Services a Scam? →
Steal sensitive data, photos, and videos in your cloud backups
If your phone automatically saves data, photos, and videos to the cloud, anyone with your SIM card can download this information.
Your saved photos and videos may say a lot about who you are. A hacker can use this tactic to find out where you live, where you work, and potentially much more. Once they already have access to your SIM card, scammers can infiltrate other parts of your life as well.
Use GPS tracking to monitor your location
Many mobile applications rely on location tracking to work. These devices need to send GPS data over the wireless network, which requires a SIM card. If a hacker gains access to your SIM card, they could use it to track your location in real-time by using your cellular data connection.
⛳️ Related: What To Do With an Old SIM Card (Don't Throw It Out!) →
How To Tell If Your SIM Card Is Hacked or Compromised
- Your phone stops working. If scammers take over your phone number, your telecom provider may stop serving your phone. You won’t be able to make calls, send texts, or access the internet.
- You stop receiving dual-factor authentication codes. If your phone number has been assigned to a new SIM, you won’t receive SMS authentication codes to your device. Instead, your phone company will send those codes to the new device registered in your name. This is one way hackers compromise accounts protected by 2FA.
- You receive a message asking you to restart your phone. Your mobile phone may detect that another device is using the SIM card assigned to it. Some phones require users to restart the phone when this happens. When the restarting process is complete, you won’t be able to make calls or send texts.
- Your device reports being in a strange location. If you use a phone finder app like Apple, Google, or Samsung’s Find My Device, you may see your phone pinned on the map in a strange location. It may be your phone, or a different phone registered to your name.
- You get locked out of your online accounts. If you can’t pass two-factor authentication, you won’t be able to access many of your online accounts. Additionally, some services may tag your activity as suspicious and prevent you from logging in. However, there is also a chance that hackers have locked you out by changing your login credentials.
- You see unfamiliar messages and numbers in your sent folder. If your phone’s SIM card has been compromised, you may see unusual calls and SMS activity. If you see outgoing calls and messages that you don’t recognize, it might mean that someone is using your SIM card without your knowledge.
- Your data bill is much higher than usual. If someone is using your SIM card to access and download data to a second device, they may use your data subscription in the process. Your phone bill may show additional devices and higher activity, leading to higher prices.
- New apps suddenly appear on your phone. If someone compromises your mobile device, they may install new apps without your consent. Even if these look like harmless applications, they could hide malware or keyloggers on your phone.
How To Protect Yourself Against Phone Scams and Hackers
- Add a PIN to your account
- Lock your SIM on your device
- Limit what people can find out about you online
- Use an authenticator app for 2FA
- Learn the warning signs of a phishing scam
- Install antivirus on your devices
- Keep your phone physically secure
- Monitor your credit and bank accounts
- Consider a digital security service like Aura
Resolving a SIM swapping attack is much more complicated than preventing one. Here’s what you can do right now to make it much harder for hackers to compromise your device:
1. Add a PIN to your account with your cell phone provider
Mobile carriers like T-Mobile, Verizon, and AT&T allow customers to secure their accounts with a PIN number. This small step can make it much harder for cybercriminals to breach your account.
You can usually choose between multiple types of PINs and passcodes. The four-digit PIN code is not as secure as a longer alphanumeric passcode. Avoid reusing PINs and passcodes that you’ve used for other services.
2. Lock your SIM on your device
SIM cards are typically unlocked when sold. They may have a generic four-digit pin like “0000.” You can set a SIM code in your security settings for your current or new phone. This creates an additional barrier between hackers and your sensitive data.
Here’s how to lock your SIM on your mobile device:
Note that your SIM security code is different from your phone’s ID system. If you unlock your phone using your fingerprint or Face ID, this doesn’t mean your SIM is automatically protected.
Unlike fingerprint and Face ID, you only input your SIM security code when powering on the device – not every time it wakes from sleep mode.
3. Limit what people can find out about you online
Service providers have security measures in place to help protect your account. But if your personal information is easily available online, those measures won’t do much good.
Pay attention to how much personal information you share online — especially on social media. Even basic information like your hometown name, address, or pet’s name can give away answers to common security questions.
4. Use an authenticator app (rather than SMS) for 2FA
All mobile phones — including Android devices and Apple iPhones — send SMS data using a telecom protocol called Signaling System 7 [*]. This system was introduced in the 1980s and was not designed to handle modern security threats.
Authenticator apps like Google Authenticator or Authy don’t require SMS to verify your identity. Instead, they connect directly to your device hardware. Many authenticator apps don’t even require you to connect to the internet, which makes it much easier to keep your login credentials safe.
5. Learn the warning signs of a phishing scam
Cybercriminals may use phishing scams to trick you into giving up your personal data. Swapping your SIM is just one of the things they can do with this information. Learning to identify and avoid phishing scams will help you keep your SIM safe.
Phishing messages can come from a variety of sources. You may receive suspicious emails, text messages, or social media requests. Scammers use social engineering tricks to convince you to give up personal information or download malware. Knowing when to ignore phishing attempts will help you keep your SIM card safe.
6. Install antivirus on your devices
Antivirus solutions can help you catch malware before it has a chance to cause significant damage. Not all antivirus solutions are equal. Some may even do more harm than good. Always opt for reputable software from an established cybersecurity company. Be suspicious of free antivirus downloads.
High-quality antivirus tools collect data from applications running on your device and compare that data with known threats. When an application starts behaving suspiciously, the antivirus blocks it and alerts you. This offers a second layer of defense against phishing and malware.
7. Keep your phone physically secure
SIM swaps can easily happen if scammers have access to your phone. Keep it close and with you at all times, and ensure that you’ve locked your phone with either a complex code or biometric security tools (fingerprint ID, facial recognition, etc.).
It’s also a good idea to set your phone’s “auto-lock” feature to the shortest time possible. This means that if scammers steal your phone, they most likely won’t be able to access your data.
8. Monitor your credit and bank accounts for signs of fraud
Since SIM swaps offer hackers an easy way to break into bank and credit card accounts, it’s vital that you monitor those accounts. Pay attention to any signs of suspicious activity. This might include login attempts from unknown devices, changes to your settings, and more.
Cybercriminals may not steal your money the moment they gain access to your account. A data breach may allow them to open new accounts or take out loans in your name instead. Credit monitoring services will help you detect suspicious changes to your financial life.
9. Consider a digital security service like Aura
Sorting out SIM swaps and other phone scams can cost you thousands of dollars and weeks of your life. But you don’t have to deal with the fallout alone.
An all-in-one security solution like Aura can help detect fraud and safeguard you and your family members from identity theft.
Aura combines award-winning identity theft protection with three-bureau credit monitoring and advanced digital safety tools to keep your accounts, identity, and finances safe.
With Aura, you get:
- Powerful antivirus protection for your devices.
- Safe Browsing tools and a virtual private network (VPN) to keep your data safe online.
- Credit, bank, and investment account monitoring with fraud alerts up to 4x faster than other security providers.
- Award-winning identity theft protection for your Social Security number (SSN) and other personal information.
- 24/7 access to a team of U.S.-based Fraud Resolution Specialists.
- $1,000,000 insurance for every adult member on your plan that covers eligible losses due to identity theft.
📌 Try Aura free for 14 days — Start your free trial and secure yourself against scammers and hackers.
The Bottom Line: Don’t Let Scammers Steal Your SIM
SIM swapping poses a significant risk for everyone who uses a mobile phone. It’s hard for victims to detect this attack before it’s too late — and even your device’s security features can’t stop it.
Instead, the best way to keep your SIM card out of hackers’ hands is through proactive protection and awareness.
Aura can help you stay ahead of potential threats. Using powerful encryption to keep your browsing safe, Aura alerts you in near real-time when suspicious activity is detected on your accounts. This can provide an early enough warning to prevent hackers from stealing your SIM card and compromising your accounts.