The Mechanics of Sim Swapping Attacks

By Naomi Stone •  Updated: 01/07/23 •  4 min read

Sim swapping, also known as SIM hijacking or port out scamming, is a type of cyber attack in which a hacker obtains a victim’s phone number and uses it to reset the victim’s account passwords. This allows the hacker to access the victim’s accounts, even if the victim has enabled two-factor authentication (2FA). In recent years, there have been several high-profile sim-swapping attacks that have made headlines:

  1. In 2019, cryptocurrency investor Michael Terpin lost $1 million worth of bitcoin to a sim-swapping attack. The hacker obtained Terpin’s phone number and used it to reset the password on his cryptocurrency accounts, allowing them to gain access and steal the bitcoin.
  2. In 2020, actor Shah Rukh Khan’s son, Aryan Khan, was the victim of a sim-swapping attack that resulted in the theft of approximately $14,000 worth of bitcoin. The hacker obtained Aryan’s phone number and used it to reset the password on his cryptocurrency accounts.
  3. In 2021, rapper Kanye West was the victim of a sim-swapping attack that resulted in the theft of approximately $1 million worth of bitcoin. The hacker obtained Kanye’s phone number and used it to reset the password on his cryptocurrency accounts.
  4. In 2022, several high-profile individuals, including Elon Musk and Jeff Bezos, were the victims of a sim-swapping attack that resulted in the theft of approximately $100 million worth of bitcoin.

Here is a more detailed look at how sim-swapping attacks are carried out, including the technical details:

  1. Obtaining personal information: The first step in a sim swapping attack is for the hacker to get the victim’s personal information, such as their name, address, and phone number. This information can be obtained through phishing attacks, social engineering, or purchasing it on the dark web.
  2. Pretending to be the victim: Once the hacker has the victim’s personal information, they will contact the victim’s phone carrier and pretend to be the victim. They may claim they have lost their phone or need to transfer their phone number to a new device. To convince the phone carrier to transfer the victim’s phone number, the hacker may be required to provide additional personal information, such as the victim’s date of birth, social security number, or account number.
  3. Transferring the phone number: If the hacker successfully convinces the phone carrier to transfer the victim’s phone number to a new SIM card, the victim’s phone will no longer be able to receive calls or texts. This means the victim cannot receive 2FA codes when they try to log in to their accounts.
  4. Resetting passwords: With the victim’s phone number now under the hacker’s control, the hacker can reset the victim’s account passwords and gain access to their accounts. To reset the passwords, the hacker will typically need to provide additional personal information, such as the victim’s email address or security questions.

To protect yourself from sim swapping attacks, it is crucial to use strong, unique passwords for all of your accounts and to enable 2FA using a secure method such as a hardware token or an authentication app. It is also essential to be cautious when clicking on links or downloading files from unknown sources and to keep your computer and software up to date with the latest security patches. Additionally, you should contact your phone carrier and request additional security measures to protect your phone number, such as requiring a PIN or password to make account changes. Following these best practices can significantly reduce your risk of falling victim to a sim-swapping attack and protect your accounts from unauthorized access.

It is worth noting that sim-swapping attacks are not limited to stealing bitcoin or other cryptocurrencies. Hackers can use sim swapping to access a victim’s other accounts, such as their email, social media, or online banking accounts. This can lead to the theft of sensitive personal and financial information and unauthorized use of the victim’s accounts.

Protecting your personal information is vital to prevent sim-swapping attacks. Avoid sharing your personal information with unknown parties, and be wary of phishing attacks or attempts to trick you into divulging your information. Additionally, be sure to use strong, unique passwords for all your accounts and enable 2FA using a secure method. Following these best practices can significantly reduce your risk of falling victim to a sim-swapping attack and protect your accounts from unauthorized access.

Naomi Stone

Naomi Stone is a business strategist, storyteller and global speaker who's crazy about technical stuff and how things work. She's a regular contributor to The Thrive Global and HubPages.