How to Protect Yourself from SIM-Swap and Port-Out Attacks

The FCC has called on carriers to improve their security protections for SIM-swap and port-out attacks. While carriers are unlikely to follow suit in a timely fashion, there are steps you can take to reduce your risk of falling victim to these attacks.

SIM-swap attacks occur when hackers trick your carrier into putting your number on a new SIM. A port-out attack occurs when hackers created a new carrier account under your name. Both methods allow hackers to receive two-factor authentication codes for any account that uses SMS-based 2FA. They also enable standard logins if you set up your accounts with your phone number, rather than an email address or username. In either case, they can use this authentication to gain access to other personal information and accounts.

This is bad news. Because they have access to your 2FA codes or phone number login, it’s very difficult to prove your identity in this situation. By the time you even notice the problem, bad actors might have combed through your entire digital life.

Because of how devastating these attacks can be, the FCC wants carriers to use better protections to ensure SIM-swap and port-out attacks cannot happen. Until then, there are steps you can take to prevent these attacks on your own. Set a PIN or password for your account, if your carrier allows you to. You should also use an authenticator app, rather than SMS, and don’t fall for any communication asking for personal data.