If you're not familiar with "SIM jacking" as a term, it's a relatively new form of crime that is on the rise. SIM jacking occurs when a criminal gains access to your cellphone number and then uses your SIM card to make calls, send texts, and use data. This can result in expensive phone bills and a lot of headaches for the victim.

So, what is SIM jacking? How can you protect yourself from it? And what can you do if you become a victim?

What Is SIM Jacking?

SIM jacking is a type of identity theft that targets your phone number. Attackers can use SIM jacking to take over your cellphone account and gain access to your personal information, including text messages, contacts, and financial accounts. They can also use it to make calls and send text messages in your name.

Furthermore, if your phone number is registered with your bank account, the hackers can bypass the Multi-Factor Authentication (MFA) and reset your password to gain access to your financial accounts. They can also use your phone number to sign up for new accounts in your name, like email or social media accounts.

SIM jacking is relatively new, but it's becoming more common as our lives move increasingly online. And it's not just celebrities and high-profile individuals who are at risk. SIM jacking can happen to anyone with a phone number.

How Does SIM Jacking Work?

SIM jacking usually starts with a type of phishing attack. Attackers will send you a text message or email that looks like it's from your cellphone carrier. The message may say there's been suspicious activity on your account or that you need to update your information.

SIM card as a fishing trap hook

If you click on the link in the message, you'll be taken to a fake website that looks like your carrier's. The website will ask you for your personal information, including your name, address, and date of birth. It will also ask for your cellphone number and the account PIN.

Once the attacker has your information, they can contact your carrier and request a new SIM card be sent to them. After receiving the new SIM card, they can take over your cellphone account and gain access to your personal information.

SIM Jacking Using SIM-Jacker Software

Apart from the above method, another has been discovered which uses a piece of software called SIM-Jacker. SIM-Jacker is a type of spyware program that can be installed on a victim's phone without their knowledge and then used to send commands to the SIM card that can take over the phone.

In a SIM-jacker attack, a special spyware-like malware is sent to a phone through an SMS. This code is basically for instructing the Universal Integrated Circuit Card (UICC) to take control of the phone in order to retrieve and execute sensitive commands.

The attacker gains access to the device's location and—more importantly—the Cell-ID via the SMS. With this, the hacker would successfully gain access to your device.

The dangerous thing about this attack is you wouldn't even be aware that your device has been compromised, as you won't receive any alerts about a potential attack.

How to Protect Yourself From SIM Jacking

Nonetheless, you can do a few things to protect yourself from SIM jacking.

First of all, keep your personal information safe. Not all information is meant to be posted online. Be careful about who you give your sensitive information to, and never click on links in text messages or emails unless you're sure they're from a trusted source.

Next, you should avoid using the SMS medium for MFA. Instead, you can enable MFA using an authentication app like Google Authenticator or Authy.

You should always keep a close eye on your cellphone account. Watch for any suspicious activity, like text messages or calls you didn't make, and report it to your carrier immediately. Also, look for other activities such as unexpected charges, new account registrations, or any other activity that seems out of the ordinary.

If you tend to avoid installing the latest updates on your devices, this can lead to security vulnerabilities on your device. Be sure you keep your phone's operating system and applications up to date. Security updates often include patches for newly discovered vulnerabilities.

Next, you must keep your device equipped with a security program. Security software can help protect your phone from malware, including spyware, like SIM-Jacker. Look for a program that includes anti-spyware protection and ensure it's always up-to-date.

What to Do if You Think You’ve Been SIM Jacked

If you think you may have been the victim of SIM jacking, there are a few things you can do...

  • Contact your carrier: The first thing you should do is contact your cellphone carrier. They may be able to deactivate your old SIM card and activate a new one.
  • Change your passwords: Once you have a new SIM card, change the passwords for all your accounts. This includes email, social media, banking, and any other accounts that use two-factor authentication.
  • Make your friends and family aware: After jacking your SIM, the attackers can contact your family and friends by impersonating you and asking them for favors such as lending money or spreading malware. So as soon as you suspect your SIM is compromised, inform your contacts about it, so they do not get phished.
  • Re-authenticate WhatsApp with a new SIM: The attackers can get hold of your WhatsApp account after SIM jacking. Be sure you re-authenticate your WhatsApp account after getting a new SIM card.

In any case, you must be proactive and take immediate action to avoid greater loss due to SIM jacking.

Is SIM Jacking a Major Threat?

SIM jacking is a serious threat, but it's not as common as other types of identity theft. This is because it requires a high level of technical expertise and can be difficult to pull off. However, if you're a target, the consequences can be devastating.

This is why it's important to be aware of the risks and take steps to protect yourself. If you think you may have been the victim of SIM jacking, contact your carrier immediately and get a new SIM card.