Phishing through SIM swapping emerging as the latest cyber threat

While phishing attacks remain one of the most prevalent attack methods for cybercriminals, new cyber threats continue to emerge. As mobile devices and smartphones become more ubiquitous, fraud utilizing these devices will only continue to rise. A recent study found that 60% of fraud originates from mobile devices. And while 80% of mobile fraud comes from downloaded apps, an even more pernicious cyber scam has emerged.1

Nine individuals, eight of which live throughout the U.S. and one of which lives in Ireland, were recently charged with online identity theft and other related charges. “The Community,” as the group is known, are alleged to have committed identity theft through a tactic called “SIM hijacking” or “SIM swapping.” The group utilized two methods to gain control of the victims’ phone numbers — they bribed mobile phone provider’s employees to obtain a copy of the victim’s SIM card or they called the providers posing as the victim of phone theft and requested that the victim’s phone number be swapped to a different SIM card. 

Once in possession of a SIM card controlling the victim’s phone number, the Community was able to route calls and SMS text messages to devices the Community controlled. The Community would then gain control to online email, cloud storage, and cryptocurrency accounts, many times using the victims’ phone numbers to reset passwords or bypass two-factor authentication codes.  

According to the recent indictments, the Community conducted at least seven attacks that resulted in the theft of over $2M USD in cryptocurrency.2

Warning Signs of SIM Swapping

Below are a few tips to check to see if you have been the victim of SIM swapping: 

  • Your device is quiet - Your smartphone or mobile device is unable to make calls or send text messages (likely a sign that your SIM is deactivated).
  • Activation notification - You receive a notification from your carrier that there has been an “activation on another device.”
  • Account lockout - You are unable to access sensitive accounts (e.g., bank, email, etc.) which could mean that accounts have been accessed and passwords were changed.

SIM Swapping Prevention Tips 

Below, we list three options to use to help protect your smartphone from SIM hijacking. 

  • SIM PIN - A SIM PIN is one of the most effective ways to protect your SIM card if cybercriminals have physical access to your lost or stolen smartphone. A SIM PIN prompt appears anytime the smartphone is restarted or whenever the SIM card is inserted into a new smartphone.
  • An authenticator app -Apps such as Authy, Google Authenticator, 1Password and others use a six-digit code from the authenticator app, eliminating the need to text codes. Use the authenticator app for all providers that allow them. Many financial institutions do not allow the use of authenticator apps, in which case, email authentication is the best choice.
  • A PIN for your mobile provider account - Mobile providers typically allow you to create a PIN for use when you want to access your account. If a SIM scammer does not know your mobile provider account PIN, the provider should not provide the scammer with any account information.

Transferring SIM Swapping Risk: Cyber Insurance

SIM swapping is just the latest way cyber criminals have evolved. Fortunately, the cyber insurance marketplace continues to expand their product offerings to meet this dynamic threat landscape. Cyber insurance policies can serve to transfer the severe financial impact of SIM swapping and other forms of cyberattacks from both a commercial and personal risk perspective. Be mindful, however, that each insurance carrier manuscripts their own policy wording, which can drastically expand or restrict coverage for these types of cyber losses. 

A SIM swapping cyberattack can ultimately allow cyber criminals access to corporate networks, and lead to both first party and third-party costs. Most commercial cyber insurance policies will provide coverage for these costs. These may include costs to retain experts to investigate, contain and respond to the attack. There also may be coverage for business interruption and data asset restoration. Additionally, these cyber policies can cover costs to defend and settle lawsuits brought by various parties, including regulators. Some commercial cyber insurance policies have also begun to cover the loss of funds associated with social engineering schemes.  As buyers evaluate their options in the marketplace, they should be aware of new endorsements and key terms that clarify, expand or restrict cyber coverage, including Funds Transfer Fraud, Computer Fraud, Invoice Fraud, and Telecommunications Fraud.

SIM swapping also poses a threat to an individual’s personal financial accounts and other sensitive data. The insurance market has responded by developing policies aimed at covering family offices and high net worth individuals. Insurance policies may be purchased to protect individuals from cybercrimes, including identity theft expenses, cyber bullying, and extortion. These policies also often provide proactive services for individuals, including fraud detection and social media monitoring. Similar to the commercial insurance market, these cyber policies may come with certain coverage restrictions, including sub-limits for specific types of costs and the need to add specific endorsements to cover the theft of cryptocurrency.    


The BLACKCLOAK team is here to provide the advice and guidance you need to protect your smartphone and SIM cards. To learn more about assessing your exposures to cyber threats and mitigating risks, contact the BLACKCLOAK team.


Author Information:

Person Image

Chris Linde

Chief Operating Officer & General Counsel | BLACKCLOAK


1 von Gravrock, Einaras. World Economic Forum. “Here are the biggest cybercrime trends of 2019.” March 4, 2019.
2 The United States Attorney’s Office Eastern District of Michigan. “Nine Individuals Connected to a Hacking Group Charged with Online Identity Theft and Other Related Charges.” May 9, 2019.