• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

All Things Secured

Online Security Made Simple

FREE ONLINE SECURITY CHECKLIST! DOWNLOAD NOW

  • Security Basics
    • Start Here (Security Guide)
    • What is a Digital Footprint?
    • What is a VPN?
    • What is 2-Factor Authentication?
    • What is SmartDNS?
    • Bad Security Habits
    • Http vs Https?
  • VPN Security
    • Best VPNs 2024
    • Best Free VPNs 2024
    • VPN Reviews
      • ExpressVPN Review
      • Surfshark Review
      • NordVPN Review
      • ProtonVPN Review
      • VyprVPN Review
      • Mozilla VPN Review
      • IPVanish Review
      • Avast VPN Review
      • Ivacy VPN Review
      • PureVPN Review
    • Frequent Asked Questions
      • Are VPNs Illegal?
      • Tor vs VPN?
      • What is a VPN Kill Switch?
      • What is Split Tunneling?
      • Zero Log VPN?
      • Free VPN vs Paid VPN?
      • Lightway vs WireGuard vs OpenVPN
      • Increase Internet Speed on VPN?
      • How to Watch Netflix in China?
    • 10 Important VPN Features
    • 5 Best VPNs for Routers
    • Common VPN Myths
    • Common VPN Scams
    • VPN Connection Protocols Guide
  • Password Security
    • Password Manager Setup Guide
    • Best Password Managers 2024
      • 1Password Review
      • Dashlane Review
      • NordPass Review
      • Best iOS Password Manager
    • Frequently Asked Questions
      • How Do Password Managers Work?
      • Are Password Managers Safe?
      • Are Chrome Passwords Secure?
    • Double Blind Password Strategy
    • Using Google Authenticator
  • Email Security
    • Secure Email Providers in 2024
    • ProtonMail Review
    • Email Phishing Scams
  • Resources
    • Help! I’ve Been Hacked!
    • Password Strength Checker
    • Security Checklist PDF
    • Digital Death Checklist
  • About
    • Contact
    • Advertise

What is SIM Swapping? (and how to avoid this attack)

January 29, 2024 By Josh

“SIM Swapping” is a malicious attack targeting your mobile carrier that allows the attacker to gain control of your phone number to intercept any 2-step authentication or verification codes that may be sent via SMS text. Learn more about your SIM (subscriber identity module), what this sim swap fraud looks like, and how you can avoid it here.

What is SIM Swapping? The fraud explained

Key Takeaways

  • SIM swapping can be done remotely without needing physical access to your phone. It’s surprisingly easy for customer service agents to fall victim to social engineering attacks by hackers.
  • Use authentication apps instead of SMS for 2FA. Apps like Google Authenticator are more secure. Physical security keys like YubiKey are even better. 
  • SIM swap fraud can also be prevented by using fake answers for security questions rather than real info.
  • For robust protection, consider security services like Efani which offers encrypted SIM cards and $5 million insurance against the SIM swap scam.

Better Mobile Security and Privacy!

If you’re a US resident and you want even greater privacy and protection against SIM swaps, consider Efani, the world’s most secure mobile service.

According to an FBI report in 2021, the SIM swap scam on your mobile device, also known as “SIM jacking,” continues to rise.

Even after numerous high-profile cases, such as the successful attack against Jack Dorsey, then-CEO of Twitter, SIM swapping continues to be a problem.

In the US, there is an effort by the FCC to combat this vulnerability, but it’s unclear when – or even if – this will turn into anything useful. The bottom line is this:

If you want to protect your mobile phone against SIM swap fraud, you need to take a few easy steps to do so.

Before we jump into the steps you can take to avoid a SIM swap fraud, let’s first explain exactly how SIM swapping works, and why SIM swapping is so dangerous, especially with SMS text verification codes.

What is a SIM Card?

A SIM card, which stands for “Subscriber Identity Module,” is the little card that your mobile carrier gives you to put into your phone.

Without this SIM card, your phone is unable to connect to a cellular network to make phone calls, receive text messages or access mobile data. The only way you could use such a phone would be by connecting to Wi-Fi.

SIM card vs eSIM card

In other words, a SIM card is what a mobile carrier uses to provide service to your phone.

In newer phones you can get an eSIM for international travel instead of a physical SIM card, but it still works the same.

SIM Swap Guide | How Does it Work?

To get a better understanding of what is a SIM swap attack and how it works in real life, let’s consider a fictitious character by the name of “Sandy”.

Sandy is your typical internet and phone user who hasn’t taken the time to increase privacy on her Facebook account and uses the most basic of 2-factor authentication on her financial accounts: SMS text.

One day, while Sandy is going about her own business:

  • The Research Phase: Somebody on the other side of the world starts gathering mobile data on Sandy. They either purchase her data that has been stolen and put up for sale on the dark web, or they look at her public Facebook page.
  • The Impersonation Phase: The attacker calls her mobile phone carrier (AT&T, Verizon, Virgin, etc.) claiming to be Sandy, and tells the customer support agent that she (Sandy) has lost her phone along with the SIM card. The customer support agent asks several verification questions that include their email address (which the attacker bought online), her mother’s maiden name (which the attacker found on Facebook), and her address (which was also easily found online).
  • The SIM SWAP: Once convinced that the attacker is actually Sandy, the customer support agent for the mobile carrier moves the phone number from Sandy’s current phone SIM card to the attacker’s phone. Sandy’s phone can no longer send or receive phone calls and texts.
Sandy is the victim of a SIM swap attack
  • The ATTACK: Now that the attacker has control of Sandy’s phone number, they will go around to her bank accounts, her email, and her social media accounts and other online accounts to request an account reset and gain access. Many of these companies will verify using a text message code which is now being sent to the attacker’s phone number instead of Sandy’s.

Before Sandy even realizes that her phone can no longer make phone calls or send texts, she has now lost access to her online accounts because of this SIM swap fraud. And the attacker didn’t even need access to her physical SIM card in order to gain access to these accounts!

What Makes SIM Swapping Dangerous?

As you can tell from the example above, a digital SIM swap has the potential to be very dangerous. A few of the reasons for this include:

  • Sim swap attacks can be done remotely. This means that cybercriminals don’t necessarily have to steal or touch your phone to do a SIM swap. They don’t have to remove your SIM card and put it in their phone.
  • It’s not simple to detect. After an attack, it may take some time before you realize that you can’t make a phone call anymore or you just aren’t receiving text messages.
  • It’s surprisingly easy to do. In 2020, researchers at Princeton University found that out of 50 attempts to do a fake sim swap, 39 of them were successful. That’s around an 80% success rate.

Different mobile carriers are implementing different sets of security measures to protect against SIM swapping, but the attack persists.

Why?

For one simple reason: the weakest link in this chain is the customer support agents who are usually not well-trained nor well-paid

Call center employees on the phone

Call center employees aren’t the highest paid or well-trained, which makes them a prime target for the SIM swap scam.

How YOU Can Avoid Being SIM Swapped!

What is a SIM swap? Hopefully we’ve been able to answer that thoroughly for you. There are many steps you can take to prevent SIM swapping, some of which include the following:

  • Don’t use SMS text as a 2FA verification process. If possible, use authenticator apps like Google Authenticator for your 2FA verification process. If you want more security, you can invest in a physical two-factor authentication key. I prefer and recommend the YubiKey
  • Call your mobile phone provider. Ask your phone provider about what protections they’ve put in place. You may achieve better account security with a PIN code or add extra security questions. While these measures aren’t fool-proof protection, it’s still better than nothing.
  • Set a PIN for your SIM card. Some carriers allow you to set a PIN for your SIM card which could help. But be careful because if you do it wrong, you can actually lock yourself out of your SIM card.
  • Don’t give real answers to verification questions. Whenever you’re asked for information used to verify your identity, don’t tell the truth. Make something else up or write the answer backwards.

That last tip is important for SIM swap attack prevention!

If you’re asked to provide your mother’s maiden name or the name of your first dog, it’s better to come up with fake answers that you always use instead of the real answers that can often be found online.

Of course, you could opt to use encrypted SIM cards as a protection against SIM swapping instead.

Secure Mobile Carrier Alternative (Efani)

If mobile privacy is a serious concern for you, there are lesser-known alternatives like Efani.

Efani secure mobile service to protect against SIM swap fraud

Efani is one of the best secure mobile providers in the US that offers the best encrypted SIM card that adds another layer of security to your mobile phone by replacing your current phone service plan. You can get a new number or you can port your phone number to their service which operates on top of the AT&T network in the United States.

What are the benefits of paying for this kind of security and privacy service? In this truncated Efani review, I’ll share what they offer:

  • Protect Against ALL SIM Swaps: They offer an 11-layer authentication process that pretty much eliminates any risk of a SIM swap attack;
  • Insurance protection: Because of this authentication process, they’re able to offer $5 million in insurance against any losses related to SIM swap fraud that leads to identity theft.
  • Privacy: Even more than that, I like the fact that AT&T does not have my personal information. As far as they are concerned, Efani is their customer and not me.
Visit Efani Website

An encrypted SIM card is not a solution that works for everybody, but you can learn more about whether it is a good option or not for you in our in-depth Efani review.

Watch the full SIM Swap Video

Be sure to subscribe to the All Things Secured YouTube channel!

Further Reading & Resources

  • Android vs iOS privacy and security
    iOS vs Android | Which has Better SECURITY & PRIVACY in 2024?
  • Complete VPN Protocols Guide
    VPN Protocols Explained (which you should use and avoid)

Download the Security Checklist!

A Free Resource from All Things Secured

    Primary Sidebar

    Download the free online security checklist!
    Check your password with this password checker by All Things Secured

    Best Personal Privacy Tools

    Use DeleteMe to Remove Your data onlineDeleteMe (remove personal data online)
    Use Traveling Mailbox to keep your address privateTraveling Mailbox (private virtual address)
    Hushed private second phone numberHushed (private 2nd phone line)

    Recommended Password Managers

    1Password Logo Mark1Password (Best Overall)
    Dashlane Logo MarkDashlane (Best for Businesses)
    Bitwarden Logo MarkBitwarden (Best Free Option)

    Best Secure Email Providers

    ProtonMail Logo MarkProtonMail (Best Gmail Alternative)
    StartMail Logo MarkStartmail (from StartPage)
    Mailfence Encrypted EmailMailfence

    Recommended VPNs

    ProtonVPN Logo MarkProtonVPN (Best Overall)
    NordVPN Logo MarkNordVPN (best for streaming)
    iVPN Logo MarkiVPN

    Best Identity Theft Protection

    Identity Guard Logo MarkIdentity Guard (Personally Recommended)

    Copyright © 2025 · Affiliate Disclaimer 
· Privacy Policy
 · Advertise
 · Contact