Have you given any thought to your SIM card lately? I have been using mine for nearly a decade now, and tend to forget that it even exists until it’s time to get a new phone. That’s the only time I see it, as I go through the fiddly procedure of getting the tiny card into the card tray, and negotiating the assembly into the card slot—I always swear that I’ll get a new card, one that’s cut more precisely, then forget about it until the next time.
You and I might forget about the little card, consider it part of our phones, but scammers know that a SIM card is all they need to hijack a person’s entire online presence.
A friend working for a phone carrier shared the story of an older gentleman who had his Google account taken over after he was directed to make a few calls.
A SIM swap story
On a Monday morning, the man, let’s call him Jack, received a text letting him know that he had won two tickets to a cruise, and all he had to do was call the provided number and claim his prize. He was excited, and dialled straight away. Unfortunately, the first number didn’t work—some technical problem the company was very sorry about—and he was directed to make another call. He rang the second number, where a recorded voice informed him that the cruise was cancelled. Shame, he thought, would have been fun.
That was the last Jack thought of the whole episode, but little did he know that his troubles had just begun.
The next day, Jack woke to a notification from Google on his phone: your password was successfully changed. He went into a panic. There had been stories of hacked accounts, but Jack never thought he’d be a target; he was hardly wealthy, after all. But that didn’t matter. With access to his Google account, scammers found the photo of his passport he had sent to his son, found the doc where he kept all his passwords, gained access to his online banking, and made off with his entire savings account. It took almost a year for Jack to regain control of all his accounts. Thankfully, he had family and friends to help him out in the meantime, but his personal data is still out there, giving him sleepless nights.
What happened to Jack is by no means unique. Scammers gained access to his SIM card because the recovery procedure Jack’s mobile provider was using was faulty. The same thing happened to Twitter CEO Jack Dorsey in 2019, when his account inexplicably started tweeting racial slurs and praise for Adolf Hitler.
What can you do?
If you want to keep using your phone as the backup for your Google account, avoid calling unknown numbers, or contact your provider to learn about their security procedures. Better still, all Google customers have the option to use their smartphones for two-step verification; this way, users can confirm their login through a pop-up on their phone (Android and iOS options available).