Protect yourself against SIM swapping

How to protect yourself

• Be careful where you share identity information

  Your personal information can be used to impersonate you, particularly when it’s used as part of an identity confirmation process.

  If you know your mobile phone provider confirms your identity by asking for personal information like your date of birth or address, make sure it’s hard to find online. Don’t share this information on your public social media accounts where anyone can find it.

  How to protect your privacy online

• Be creative with your account recovery questions

  For some services, when you set up your account you’ll be asked to provide answers to a set of security questions – like ‘what’s your mother’s maiden name?’. These are generally used as a way to identify you if you forget your password and need a prompt.

  Unfortunately, these are also easy things for an attacker to find out, and could be used to gain access to your accounts without your knowledge. Where you can, make up something memorable but untrue that an attacker couldn’t find through a simple search of your name. You can use a password manager to store these answers too.

• When there’s a choice, use an app-based two-factor authentication (2FA)

  SMS 2FA is better than a password alone, but there are often stronger options available. Ask your bank or service provider if they offer other forms of 2FA for account access. You might be able to use an app-based authenticator that generates a new code every 60 seconds, or one that sends you a push notification, instead of sending you a code by text.

  Use two-factor authentication to protect your accounts

• Check your provider's policy

  Talk to your provider about what they can do to help protect you against SIM swapping. Ask them what the process is for moving a mobile phone number to a new SIM card. Some providers might request a confirmation by text, whereas others will ask to see physical ID at the store before they'll do this.