The tactics of cybercriminals evolve constantly. One attack vector growing rapidly in both scope and sophistication is known as SIM Swap, and criminals are using it to target your personal information through your mobile devices.
SIM stands for Subscriber Identity Module, and it’s essentially your digital fingerprint. SIM cards are inserted directly into your phone, while eSIM-enabled devices store this information inside the phone digitally.
According to the FBI Internet Crime Complaint Center, SIM Swap complaints rose more than 400 percent between 2018 and 2021, with personal losses totaling over $68 million. And since we implemented enhanced security policies against SIM swapping in June 2024, we’ve seen firsthand that the threat isn’t slowing down.
Here’s what you need to know about this security threat.
What Is SIM Swapping?
Sometimes called Port-Out Fraud, this type of identity attack involves a scammer impersonating you. Using information gathered from social media, phishing emails, or compromised credentials found online, they try to trick your carrier into transferring your phone number to a rogue SIM card or new carrier account.
With your number under their control, the attacker’s device begins receiving calls and texts intended for you, including your two-factor authentication codes, password reset links, and sensitive verification messages. In effect, your number becomes a master key to your digital life, and your email, bank account, private details, and critical applications at risk.
The growing threat
While SIM cards, including eSIMs and eUICC-based profiles, were designed for flexibility and operational efficiency, they now present a technical vulnerability when abused. Whether done through cloning your SIM, exploiting weak authentication protocols, or using tools to install rogue applets or Java Card bytecode, attackers have developed numerous ways to subvert even GSMA-compliant specifications.
How to stay protected
In June 2024, we began offering a new feature called SIM Change & Port-Out Lock to give customers more control over their accounts and protect against unauthorized SIM swaps or number transfers.
To enable these features, simply access your C Spire account online or through the My C Spire app and click Account Settings. Once you’ve enabled them, these locks apply to all lines on your account, adding an extra layer of verification that prevents anyone from initiating changes without your explicit approval.
You can also add to those protections by following a few online guidelines:
- Avoid sharing personal information on public platforms that could be used to impersonate you.
- Be cautious when you download or install applications, especially outside of verified app stores.
- Watch for phishing emails or SMS messages that attempt to trick you into revealing security codes or account keys.
- Use strong, unique passwords and enable two-factor authentication (2FA) for your most sensitive accounts, preferably with an authenticator app, not just SMS.
- Understand the mode of operation behind SIM Swapping fraud so you can recognize red flags early.
- Keep your devices updated with the latest security patches and specifications.
To learn more or enable SIM Change & Port-Out Lock, please click here.
