SIM swapping, also known as SIM swap fraud, is a form of digital identity theft in which criminals attempt to gain control over your mobile phone number. They do this by having your SIM card number transferred to a new SIM card — usually one they physically possess. Once they control your number, they can receive MFA (multi-factor authentication) codes (such as SMS messages) and potentially gain access to your (private) email, bank accounts, or other sensitive accounts.

How does It work?

  • The fraudster typically begins by collecting your personal information through phishing, data breaches, social media, or dark web marketplaces.
  • Using the gathered data, the fraudster impersonates you and requests a SIM swap from your mobile provider — for example, by claiming the phone was lost.
  • Once the provider processes the request, your number becomes active on a new SIM card that the fraudster owns.
  • With your phone number, the fraudster receives all verification codes and password resets, which can give them access to critical online services such as email, WhatsApp, or online banking.

Vulnerabilities in IoT devices

IoT systems that rely on SIM cards for connectivity can also be vulnerable to SIM swapping. Criminals can hijack IoT devices, intercept data, and disrupt operations. This poses risks even within our industry, particularly concerning 4G–5G connections and alarm transmissions.

Impact on IoT systems

IoT devices frequently use IoT SIM cards for identity verification and data transmission.

  • A criminal can hijack IoT devices by taking control of their SIM cards — or simply stealing them. This gives them the ability to intercept data or alter device functions if those are not protected by an IoT network security system.
  • Data Theft: Sensitive information transmitted by IoT devices — such as GPS data or sensor readings — can be intercepted and exploited.
  • Operational Disruption: Critical and distributed IoT systems, like smart meters, payment terminals, or vehicle trackers, can be rendered unusable — impacting business operations and customer service.

What are the risks?

  • A criminal can hijack IoT devices by taking control of their SIM cards — or simply stealing them. This gives them the ability to intercept data or alter device functions if those are not protected by an IoT network security system.
  • Data Theft: Sensitive information transmitted by IoT devices — such as GPS data or sensor readings — can be intercepted and exploited.
  • Operational Disruption: Critical and distributed IoT systems, like smart meters, payment terminals, or vehicle trackers, can be rendered unusable — impacting business operations and customer service.

How can you protect yourself?

  • Use an authenticator app instead of SMS
    Apps like Google Authenticator or Microsoft Authenticator are safer than SMS because they don’t rely on your phone number.
  • Set up an extra PIN or password with your provider
    Many mobile providers offer additional protection for your SIM card or customer account.
  • Be cautious with personal information
    Don’t share personal data on social media — not even in seemingly harmless posts or quizzes.
  • Watch for suspicious signs. Suddenly have no network? Or notice your phone number isn’t working? That could be a sign of SIM swapping. Contact your provider immediately.
  • Use unique passwords. Make sure each service has a unique and strong password, preferably managed via a password manager.

SIM swapping is a sophisticated and rapidly growing form of fraud. With relatively few resources, criminals can cause significant damage. Fortunately, you can protect yourself effectively by handling your personal data carefully, using strong authentication methods, and staying alert to suspicious activity.