SIM-swapping fraud is rising at a dramatic pace, with cases up 1,055% in 2024 alone. Nearly 3,000 incidents were reported last year, as criminals used personal details from social media to hijack mobile numbers and intercept security codes. It’s a fast‑growing threat – and one advisers need on their radar.
At a glance:
- Criminals hijack a victim’s mobile number to intercept calls, texts and security codes.
- Scams typically start by gathering personal information from phishing, social media or data breaches.
- Once the SIM is taken over, fraudsters can reset passwords and access financial and email accounts.
- Key protections include limiting personal information shared online, using app based authentication, adding account level security with mobile providers, and monitoring for sudden signal loss.
What is a SIM swap scam?
A SIM swap scam is a type of fraud where criminals trick a victim’s mobile network provider into transferring their phone number to a new SIM card that the fraudster controls. Once the scammer has access to the phone number, they can intercept calls and texts, including those used for two-factor authentication (2FA), potentially gaining access to the victim’s financial accounts, email address, and other sensitive services.
How does this scam work?
1. Gathering personal information: fraudsters collect personal details about their target, often through phishing emails, social media and data breaches, or by purchasing information on the dark web.
2. Contacting the mobile provider: the fraudster contacts the victim’s mobile provider, pretending to be them. They may claim their phone is lost or stolen, and ask for a new SIM card to be activated.
3. SIM card activation: if successful, the provider deactivates the victim’s old SIM and activates a new one under the fraudster’s control.
4. Accessing accounts: the fraudster now receives the victim’s calls and texts, including one-time passcodes. With this access, they can attempt to reset passwords and infiltrate accounts, particularly those relying on SMS for authentication.
How can you and your clients protect yourselves?
- Be cautious with personal information. Avoid oversharing personal details on social media and be wary of unsolicited requests for your information.
- Use strong authentication. Where possible, use app-based two-factor authentication (such as authenticator apps) rather than SMS-based codes.
- Set up extra security with your provider. Ask your mobile provider if you can set a password or PIN on your account for added security.
- Monitor your phone’s behaviour. Sudden loss of service (no signal, unable to make calls or send texts) could indicate your number has been ported. Contact your provider immediately if this happens.
- Watch for suspicious activity. If you or your clients receive unexpected messages asking you to confirm account changes or reset passwords, be alert. Always verify with the company directly using official contact details.
- Regularly check account access. Review your accounts for unauthorised access or changes and update passwords regularly.
What to do if you suspect a SIM swap scam
1. Contact your mobile provider immediately and explain your concerns.
2. Change passwords for your online accounts, especially those tied to your phone number.
3. Notify your bank and other relevant institutions, as well as the authorities, of the possible breach.
Staying vigilant and taking proactive steps to secure your mobile and online accounts can help you avoid falling victim to SIM swap scams. If in doubt, contact your service providers for advice on strengthening your security.
Financial adviser verification
This area of the website is intended for financial advisers and other financial professionals only. If you are a customer of AJ Bell Investcentre, please click ‘Go to the customer area’ below.
We will remember your preference, so you should only be asked to select the appropriate website once per device.