Wednesday, September 24, 2025

$17K Gone in a Flash: The Hidden Danger of SIM Swap Scams

Maryland woman loses $17K in SIM card swap scam despite two-factor authentication (YouTube link)

What is a SIM Swap Scam?

A SIM swap scam involves fraudsters tricking a victim's mobile carrier (e.g., Verizon, T-Mobile) into transferring the victim's phone number to a new SIM card controlled by the scammer. They pose as the victim, claiming a lost/stolen phone, and use stolen personal info (from phishing, social media, or data brokers) to verify identity. Once successful, the scammer intercepts all calls, texts, and data, primarily to bypass two-factor authentication (2FA) via SMS for accessing bank accounts, emails, or other services—leading to account takeovers and financial theft.

The scam typically follows 12 steps:

  • Scammer calls carrier pretending to be victim
  • Claims phone is lost/stolen
  • Requests new SIM for the same number
  • Provides stolen personal info for verification
  • Carrier activates the new SIM
  • Scammer receives victim's communications
  • Scammer resets victim's account password
  • Site sends 2FA code via text
  • Scammer intercepts and enters the code
  • Gains account access
  • Changes passwords to lock out victim
  • Drains funds

Cases surged in late 2023, per reports.


Warning Signs of a SIM Swap Attack

  • Sudden loss of phone service (calls, texts, data) without explanation, or an unexpected carrier notification about SIM activation on a new device
  • Alerts for suspicious account activity or login attempts from unfamiliar locations
  • Inability to access accounts due to password changes or failed logins
  • Unauthorized transactions or charges on financial accounts

If suspected, follow Avast Academy's recovery steps: contact carrier/bank immediately, dispute charges, and secure accounts.
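The scam steps and warning signs above form a sequence that a bank or other service can also watch for: a new SIM is activated, then a password reset, an SMS code, a password change and a transfer follow in quick succession. The Python sketch below is an added example, not from the original post or its sources; the event names, the 72-hour window and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: how long after a SIM change SMS-dependent actions stay suspect.
HOLD_WINDOW = timedelta(hours=72)
# Hypothetical event names for the steps that follow the swap in the scam.
RISKY = {"password_reset", "sms_2fa_login", "password_change", "transfer"}

# Constructed sample events: (ISO timestamp, account, action).
SAMPLE_EVENTS = [
    ("2025-09-01T09:00:00", "alice", "sms_2fa_login"),   # before any SIM change
    ("2025-09-10T14:02:00", "alice", "sim_change"),
    ("2025-09-10T14:20:00", "alice", "password_reset"),
    ("2025-09-10T14:21:00", "alice", "sms_2fa_login"),
    ("2025-09-10T14:25:00", "alice", "password_change"),
    ("2025-09-10T14:40:00", "alice", "transfer"),
    ("2025-08-01T10:00:00", "bob", "sim_change"),        # weeks earlier
    ("2025-09-10T15:00:00", "bob", "transfer"),
    ("2025-09-11T08:00:00", "carol", "sim_change"),
    ("2025-09-11T20:00:00", "carol", "sms_2fa_login"),
]

def flag_sim_swap_activity(events, window=HOLD_WINDOW):
    """Return (account, action, minutes_since_sim_change) for every risky
    action seen within `window` after a SIM change on the same account."""
    last_sim_change = {}  # account -> time of most recent SIM change
    flagged = []
    for ts, account, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "sim_change":
            last_sim_change[account] = when
        elif action in RISKY and account in last_sim_change:
            age = when - last_sim_change[account]
            if age <= window:
                flagged.append((account, action, int(age.total_seconds() // 60)))
    return flagged

def decision(events, account, window=HOLD_WINDOW):
    """'hold' if money moves inside the window, 'step_up' (ask for a non-SMS
    factor) for any other flagged action, otherwise 'allow'."""
    actions = {a for acct, a, _ in flag_sim_swap_activity(events, window)
               if acct == account}
    if "transfer" in actions:
        return "hold"
    return "step_up" if actions else "allow"

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, decision(SAMPLE_EVENTS, name))
```
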


Prevention Tips

  • Ignore unsolicited requests: Never share personal info via unsolicited calls/emails/texts; verify independently using official contacts.
  • Limit online sharing: Avoid posting full name, address, birthdate, or phone number on social media to hinder scammer profiling.
  • Secure your carrier account: Set up a PIN/password with your provider to block unauthorized changes.
  • Enable alerts: Opt-in for notifications from banks/carriers about account changes or activity.
  • Upgrade 2FA: Use app-based (e.g., Google Authenticator), biometric (e.g., Face ID), or hardware-key (e.g., YubiKey) 2FA instead of SMS. Also avoid reusing passwords, and make sure each one is complex.


Sources

  • FTC and Avast Academy
    • MFA is better than passwords alone, but non-SMS methods are most secure.
