Person using double validation online

New scam alert: SIM swapping on the rise

How to protect yourself and your accounts

ByJenna Hardie
October 7, 20244 min read

Your phone holds a lot of value as a way of connecting to friends and family—but it can be even more valuable to scammers. Through a scam called "SIM swapping," or SIM port hacking, cybercriminals gain access to your phone number and take it over, which can result in steep consequences.

SIM swapping is a form of identity theft that allows criminals to intercept calls and texts to your phone number. This means that if you have protections on your accounts—such as two-factor authentication with SMS texts—that these bad actors can gain access to your logins including your bank accounts.

"We saw an uptick in this kind of scam when the U.S. passed a law that said phone carriers had to let you take your phone number with you to another carrier," said Kris Jackson, director of cybersecurity engineering and operations at BOK Financial®. "This created a gap for porting numbers from one carrier to the next using information that was gathered through data breaches or social engineering."

In 2023, more than $48,798,103 in losses were reported due to port jacking or SIM swapping scams, according to the FBI's Internet Crime Report. Jackson said some of these instances can be traced back to an uptick in data breaches, which may provide criminals with personal information.

"If you're over 30, your info is pretty much public record," Jackson said. This is a result of the Equifax breach in 2017 where hackers stole sensitive, personally identifiable information of nearly half of all American citizens—more than 150 million people. Scammers can then use this information to convince a cell phone provider to transfer your phone number to another carrier and a phone in the criminal's possession. This includes information like your mother's maiden name, Social Security number, address and much more.

How SIM swapping works

First, cybercriminals target mobile carriers using personal information to gain access to their victim's account, usually collected by engaging in social engineering, insider threat or phishing techniques. These criminals often impersonate their victim and trick the mobile carrier into transferring the mobile number to a SIM card owned by the criminal.

"Every carrier handles this differently," Jackson said. "There are some who will port your number with almost no information because of a lack of training, no formal process, etc. Others are more formal about it, and it directly relates to the size and maturity of the organization to make sure this happens more securely."

Next, once they've ported the number, the criminals will use the victim's calls or texts to gain access to online accounts associated with the mobile phone number.

At this point, the criminals can gain control of online accounts, change passwords or use codes to access even more sensitive information.

"It's worth nothing that if your phone stops working or you're suddenly unable to make calls or send texts, that might be what's happening to you," Jackson said. "In that case, immediately take steps to change your passwords, keep an eye on your accounts and monitor your credit closely."

How to protect yourself

Jackson suggested a few ways that consumers can protect themselves from port-jacking, including:

1. Taking your mobile carrier's security into account. "Outside of which carrier you elect to use, there's little you can do to protect yourself," Jackson said. Look for carriers that have additional security protocols in place, such as having a pin requirement to make account changes.

2. Avoiding using SMS/text messages for authentication. "With these new threats, SMS and voice one-time passwords are not strong enough," Jackson said. Instead, he recommends using hard tokens or passkeys to verify accounts. Hard tokens allow users to access software and verify identity with a physical device rather than relying on authentication codes or passwords. A passkey is a digital credential that allows users to sign into websites and apps without a password—using biometric verification, like a fingerprint or face scan. Both options can offer better protections for consumers.

3. Creating strong, complex passwords that you don't repeat across multiple accounts. "You know you've created a password that's effective when you can't memorize it," Jackson said. Password protection software can help you create and manage your account passwords.

4. Placing freezes at credit bureaus. "Doing this can help protect you from identity theft and fraud," Jackson said. When you need to use your credit, you can then temporarily unfreeze it.

"Ultimately, it's a good idea to move away from using SMS as an authentication method," Jackson said. "As criminals get smarter, consumers need to be better able to protect themselves by changing the way they manage and protect their accounts."

Topics
Subscribe

Related Content

    BOK Financial Corporation is a more than $50 billion regional financial services company headquartered in Tulsa, Oklahoma with more than $105 billion in assets under management and administration. The company's stock is publicly traded on NASDAQ under the Global Select market listings (BOKF). BOK Financial Corporation's holdings include BOKF, NA; BOK Financial Securities, Inc., and BOK Financial Private Wealth, Inc. BOKF, NA's holdings include TransFund and Cavanal Hill Investment Management, Inc. BOKF, NA operates banking divisions across eight states as: Bank of Albuquerque; Bank of Oklahoma; Bank of Texas and BOK Financial (in Arizona, Arkansas, Colorado, Kansas and Missouri); as well as having limited purpose offices Nebraska, Wisconsin, Connecticut and Tennessee. The entities held by BOK Financial Corporation are periodically referred to collectively as BOK Financial Corporation Group. Through its subsidiaries, BOK Financial Corporation provides commercial and consumer banking, brokerage trading, investment, trust services, mortgage origination and servicing, and an electronic funds transfer network. For more information, visit www.bokf.com.

    Securities, insurance, and advisory services offered through BOK Financial Securities, Inc., member FINRA/SIPC and an SEC registered investment adviser. Services may be offered under our trade name, BOK Financial Advisors.

    Investments involve risk, including loss of principal. Past performance does not guarantee future results. There is no assurance that the investment process will consistently lead to successful investing. Asset allocation and diversification do not eliminate the risk of experiencing investment losses. Risks applicable to any portfolio are those associated with its underlying securities.

    INVESTMENT AND INSURANCE PRODUCTS ARE: NOT FDIC INSURED | NOT GUARANTEED BY THE BANK OR ITS AFFILIATES | NOT DEPOSITS | NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY | MAY LOSE VALUE.

    The content in this article is for informational and educational purposes only and does not constitute legal, tax or investment advice. Always consult with a qualified financial professional, accountant or lawyer for legal, tax and investment advice. Neither BOK Financial Corporation nor its affiliates offer legal advice.

    BOK Financial® is a trademark of BOKF, NA. Member FDIC. Equal Housing Lender . © 2025 BOKF, NA.