What’s the Safest Way To Deal With an Old SIM Card?
Darren Rowell knew something was wrong when he received an unexpected email from his bank claiming he’d made a $24,500 wire transfer to an account he didn’t recognize [*]. Even worse, the transfer was approved before Darren could stop it.
In the aftermath of the scam, Darren discovered that he’d been the victim of a SIM-swapping attack. This occurs when scammers use your SIM card to gain access to your accounts secured through your mobile phone.
The FBI estimates that scammers stole $72 million through SIM-swapping attacks in 2022 alone [*].
For this type of scam to work, scammers usually have to trick your phone carrier into issuing them a SIM card in your name — but it’s even easier if they can get their hands on a discarded SIM card.
In this guide, we’ll explain what kind of data is stored on your old SIM card, what scammers can do with it, and how you can properly dispose of your old SIM card when you get a new one.
What Personal Data Is Stored on Your Old SIM Card?
Subscriber Identity Module (SIM) cards link a mobile phone owner’s physical device to its owner’s account.
Older phones use large-format SIM cards that look like SD card slots — while newer phones use smaller micro SIM cards, or even ESIM technology that permanently attaches the card to the phone’s internal circuitry and can’t be accessed without a special adapter.
The good news is that most modern phones (such as Samsungs and iPhones) store user data on the device itself or in a cloud storage account.
However, in order to work, your SIM card still needs to store data and unique information about you, such as:
- Your phone number. Your SIM card contains information about your cell phone account, including your phone number. When you place an activated SIM card in a phone, it allows whoever has the SIM card to use your phone number.
- Information about your phone plan and provider. Every SIM card shows information about the mobile carrier that issued it. With this information, scammers know exactly where to focus their efforts when stealing your identity.
- Data usage information. Some SIM cards contain information about the phone’s wireless data usage. This could include location data and other sensitive information that could help hackers steal your identity.
- Your contacts list. Some phones support saving contact data directly to the SIM card. This makes it easier to transfer your contacts list when upgrading your phone, but it also increases the risks associated with losing your SIM card.
- Text messages. Some phones save SMS messages to the SIM card. Like your address book, this ensures that you can keep your text message history when upgrading to a new phone.
- Backup data. Your phone may save backup data to your SIM card, including comprehensive information about the apps you use. This could provide hackers with a lot of information about your personal and professional life.
What about iPhones? Apple iPhone SIM cards don’t contain contact data, text messages, or photos. Apple only saves users’ phone numbers and billing information to SIM cards on its devices. Nevertheless, even this information could be enough to provoke scammers’ interest in you – especially if they can re-activate the SIM card in your name.
What Can Scammers Do With Your Old SIM?
In the eyes of AT&T, Verizon, or any other mobile network carrier, anyone who has an active SIM card in your name is you. There are very few limits to what someone can do when equipped with a SIM card issued in your name.
Here are just some of the things scammers can do with an old SIM card:
Send SMS messages and make calls from your phone number
Phone carriers regard calls and messages coming from your SIM card as coming from you. When hackers use your SIM card to send messages or make calls, people will see your name show up on their caller ID.
Bypass two-factor authentication (2FA) and hack into your accounts
Most 2FA systems allow users to secure their accounts by using SMS messages. If fraudsters have access to your SIM card, they can receive those authentication messages and use them to access your social media accounts, credit card accounts, and more.
Impersonate you to scam your close contacts
If scammers gain access to your contacts list, they can use your SIM card to trick your friends and family into sending them money. They may invent an emergency and pretend to be you, hoping people you know will want to help you by sending cash.
Access your bank or cryptocurrency accounts
Since hackers can use your SIM card to bypass 2FA security, they can easily gain access to your most sensitive accounts. Multiple high-profile individuals in the cryptocurrency industry have been targeted by this type of attack [* *].
Steal sensitive data, photos, or videos from your cloud backups
Many cloud storage services authenticate users via their mobile devices. Someone who has access to your SIM card may be able to access your cloud storage and steal the files you’ve stored there. If any of this information is potentially damaging or embarrassing, it could be used to extort you.
The bottom line: While modern SIM cards hold less sensitive information than they did in the past, when in the wrong hands they can still put you at risk of fraud, identity theft, and hacking. Always make sure you properly dispose of anything that contains your personal information.
What To Do With Your Old SIM Card
- Make a backup of your phone’s data
- Wait to activate your new SIM card before disposing of the old one
- Fully destroy or recycle the old SIM card
- Factory reset your phone (if you’re planning to sell it)
- Set up a SIM PIN, and activate carrier alerts
- Monitor your phone number and sensitive data for fraud
Simply throwing away your old SIM card can expose you to security risks. Scammers may intercept the card and find ways to use the information that it holds against you. Safeguard your data by taking extra care of your old SIM card when upgrading your phone.
1. Make a backup of your phone’s data
You can keep your phone’s SIM card as an external backup on which to save your contacts and phone number in case you lose your device. Storing your phone’s data on an old SIM card makes it easier to replace a newer card if it gets damaged or lost.
Keep in mind that the Apple iOS doesn’t allow users to copy data to a new SIM card. However, you can import data from an old SIM card onto a new iPhone. Android users can import and export contacts to their SIM card directly through the phone’s Contacts app.
2. Wait to activate your new SIM card before disposing of the old one
If you’re about to replace your SIM card, avoid discarding your old card until after your new one is fully activated.
Network providers like Verizon and T-Mobile will only accept one SIM card per user at a time, so you won’t be able to use both. If there are any problems with your new SIM card, you may still be able to use your old one.
Pro tip: If your new SIM card suddenly stops working, it’s possible someone is using it without your knowledge. Keeping track of your old SIM card and disposing of it appropriately reduces this risk.
3. Fully destroy or recycle the old SIM card
Don’t throw your old SIM card in the trash. Fraudsters are more than willing to dig through garbage for a potential payday. Instead, destroy your SIM card entirely before disposing of it, preferably by cutting through the microchip with a pair of scissors.
This also applies if you’re planning on recycling your SIM card. SIM cards contain a mixture of plastic and conducting metals, including about five cents’ worth of gold [*]. This means you can’t recycle them in normal containers. Instead, you should bring your destroyed card to an electronics recycler. Your local electronics stores and service providers may be able to help.
💡 Related: What Can Someone Do With Your SIM Card? →
4. Factory reset your phone (if you’re planning to sell it)
If you recently bought a new device and want to sell your old phone, you may also need to include your old SIM card. Both Android phones and Apple iPhones allow users to reset their phones to factory settings, removing all personal data from the device so that it’s safe to sell.
How to factory reset your iOS or Android phone:
- For iOS devices: Tap on Settings and navigate to General. Tap on Transfer or Reset and hit Erase All Content and Settings. You may need to input your passcode or Apple ID password to confirm.
- On Android devices: Tap on Settings and navigate to Phone Settings. Tap on Reset and then Delete Memory Device. Confirm by clicking OK.
5. Set up a SIM PIN, and activate carrier alerts
Both Android and Apple phones support four-digit SIM PIN codes that lock the SIM card against unauthorized use.
Many phones come with a default password (often “0000”) that users can change in the phone’s settings. If someone gets your SIM PIN wrong enough times, the SIM will lock permanently and no longer function.
How to enable SIM PIN on iOS:
- Go to Settings and tap on Cellular.
- Tap on SIM PIN to enable the feature.
- Input your desired PIN and tap on Done.
How to enable SIM PIN on Android:
- Go to Settings, then Security, and then More Security Settings.
- Tap on SIM card lock and enable Lock SIM card.
- Enter the default PIN that came with your phone, and then tap on Change SIM PIN.
- Enter a new PIN and hit OK.
6. Monitor your phone number and sensitive data for fraud
If you are changing phone numbers, you may wish to hold onto your old SIM card so you can check if someone else is using your old number to impersonate you. You may periodically insert your SIM card into your new phone to check if it receives unexpected messages, or leave it in an old phone you don’t regularly use.
Most mobile phone companies recycle deactivated phone numbers within three months, but the timing can vary [*]. Eventually, your phone carrier will assign your number to someone else, and your old SIM card will stop working entirely. When this happens, you can safely destroy and recycle the old SIM card.
Are Old SIM Cards Worth Anything?
Old SIM cards only hold value for electronics recyclers and hackers. There is no reason to hold onto an old SIM card after your telecom provider changes the number assigned to the card. Keeping them only exposes you to the risk of SIM swapping and SIM cloning attacks.
Some people keep old SIM cards, expecting to be able to reuse or sell them later. There is no legitimate reason for someone to buy an old SIM card. Don’t put your SIM card up for sale, and never trust anyone who offers to buy it from you.
What to do: The best thing to do with an old SIM card is to destroy and recycle it. If there isn’t an electronics recycler nearby, you can safely discard a destroyed SIM card in the garbage.
The Bottom Line: Destroy Your Old SIM Card To Stay Safe
Hackers know how to use old SIM cards to access your accounts and steal your identity, but they can’t use destroyed cards. If you recently replaced your phone and have an old SIM card left over, take a moment to safely destroy the card before disposing of it. This will protect you from costly and complicated threats.
SIM swapping isn’t the only phone risk that people face. Scammers have many tools at their disposal, and they are constantly looking for new ways to steal from victims. Consider signing up for Aura’s comprehensive security solution and get 24/7 award-winning identity theft protection, three-bureau credit monitoring, and real-time fraud alerts delivered directly to your phone.