How SIM Card Hijacking Works

Last month a hacker who stole $5 million resulting from SIM Hijacking was sentenced to 10 years in jail. In the end, SIM Hijacking or SIM Swapping results in your phone number being taken. Your phone number is the key for 2-factor authentication and other verification processes.

Only one SIM card can be associated with a phone number. This puts the victim in the dark after it is stolen. The phone number has become the golden ticket for access. This makes it extremely sought-after for those attempting to extort money, steal handles or steal.

Here are the simple steps that are being used in the fraud:


1. Get Personal Data

Your personal info is obtained by a fraudster via some means. Data leaks have exposed millions of personal records. Obtaining the last four a social security number or a bit of information from a security question is all that is needed to make an attempt.

2. Convince a Carrier 

The fraudster uses personal info to convince mobile carrier to switch from current SIM to new SIM. There is even evidence that works at the carriers have been bribed or coerced to make the switch.

3. Take Over

With control of new number, fraudster logs into accounts by using two-factor authentication or one-time passwords. Requiring a phone number was supposed to give solid security for password retrieval and access. That trust given to a phone number has been used against the system.

4. Profit

The compromised accounts might be ransomed or used for other nefarious purposes. Accessing the financial records or others accounts are the most direct route to loss. People with high-value social media handles have been extorted to give those up. The phone number might be ransomed for Bitcoins.


The first thing someone concerned should do is call their carrier. Many carriers offer the option to require a PIN for switching SIM cards. Calling your carrier and setting up this PIN or notifying them of your concern for this hacking technique can prevent it from happening. 

Book a Free Consultation

Want to know how this relates to your situation or company? Book a free consultation with a CIPHER expert.

Did you enjoy this blog article? Share it with your friends or comment below.



Founded in 2000, CIPHER is a global cybersecurity company that delivers a wide range of Managed Security Services and Security Consulting Services. These offers are supported by the best in class security intelligence lab: CIPHER Intelligence. With offices located in North America, Europe, and Latin America, 24×7×365 Security Operations Centers and R&D laboratories, the services are complemented by strategic partners around the globe. CIPHER is a highly accredited company holding ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past six years.

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions.

Recent Security Posts


Twitter Feed