How to Tell If Your SIM Card Has Been Hacked

Although a SIM card cannot be ‘hacked’ in the traditional sense, scammers can use a variety of exploits to hijack a phone number for malign purposes. In this article, we’ll discuss common SIM card exploits, as well as signs that your SIM card has been compromised.

If you’re concerned about spyware on your phone, you should check out Certo, an anti-spyware tool for iPhone and Android. Certo scans for suspicious activity and removes spyware — click here to check it out.

Common SIM Card Exploits Used by Hackers

SIM Swapping

When it comes to exploiting SIM cards, SIM swapping is the technique most commonly used. In most cases, it involves a bit of social engineering or stolen personal information. The hacker needs to have enough details to convince a wireless provider that they’re the account holder. Then, they request a new SIM card for a phone line on the account.

After the scammer gets the new SIM card, they can install it in a device they own, and the old one is deactivated. At that point, they can make calls and send and receive texts. In many cases, this also allows them to receive two-factor authentication codes that are sent to the person’s phone number, potentially allowing them to break into other accounts.

SIM Cloning

SIM cloning is a process where a device’s SIM card is physically accessed and copied using a SIM card reader. Once the new SIM card has the copied data, it’s usable. Once the hacker installs that duplicate SIM card in a device, the original stops working, giving them all of the abilities outlined in the SIM swapping section above.

Since SIM cloning requires physical possession of the original SIM card, this approach is less common. However, some scammers are adept at getting the SIM cards, using social engineering or pickpocketing skills, depending on their angle.

How to Tell If Your SIM Card Was Hacked

Calls and Texts Are Not Coming Through

Usually, the clearest sign that a SIM card was targeted by a hacker is that calls or text messages aren’t coming through. This includes an inability to make calls or send texts, as well as not receiving incoming calls or texts.

The main reason this happens is that a phone number isn’t typically connected to more than one SIM card at a time. If the hacker managed to get the service transitioned to a SIM card in their possession, yours stops working. Once that happens, you don’t have the required service for calls or text messages connected to your device.

News from Others About Odd Messages or Calls

While SIM cards are capable of storing contact details, most modern smartphones store that information either in the device or in the cloud. However, if a hacker didn’t just swap or clone your SIM but also gained access to your wireless account, they might contact people showing in your line’s activity records to try and scam them.

For example, they may make claims that they found your phone and ask for money to ship it to a friend to give to you. They might try to impersonate you directly, saying you need cash because you’re experiencing some kind of trouble. Sending messages with malicious links is also a possibility, as well as other types of nefarious activity.

As a result, if anyone you know says you’ve been sending them strange messages or they got an odd call from your number, it’s possible your SIM was cloned or swapped. Contact your wireless provider to learn more about the recent activity and see if any changes to the SIM card associated with your number occurred recently.

It’s important to note that this same strategy may occur over social media instead of through your phone number. That’s more likely if the scammer was able to use your phone number to gain access to your social media account. However, it’s a sign worth looking for if you suspect your SIM was compromised.

No Account Access

An inability to log into your wireless account could be a sign that your SIM card was swapped or cloned. While locking you out of the wireless account isn’t required for either process, some hackers will take that step to make it harder for you to undo what they’ve done. Plus, once they have a device connected to your number, it’s far easier for them to get through verification processes to update the login information, allowing them to functionally take the account over.

In some cases, getting locked out of other accounts that have two-factor authentication set up is also a sign of a compromised SIM card. Once the scammers move the number to their device, they’ll receive the authentication text messages instead of you. As a result, they can potentially access a wide range of accounts and make changes to keep you out.

Message Saying to Restart Your Phone

In some cases, a new SIM card can’t be activated until the old one is disconnected from the network. While this naturally occurs if a legitimate customer needs to replace the SIM card in their phone, as turning the device off is required during the process, it isn’t going to happen automatically if the new SIM goes to a scammer.

As a result, for the hacker to activate their SIM card and take over your number, they’ll need you to switch your device off. In some cases, you’ll receive a message on your device asking you to restart your phone, essentially prompting you to do what the scammer wants.

If you receive an unexpected message saying a restart is required, don’t follow those instructions. Instead, contact your wireless provider immediately to see if a SIM card port is planned for your account. If so, you can take corrective action, making the scammer’s SIM card useless.

Devices Showing in Odd Locations

Many Find My Device features don’t actually track the physical device. Instead, they monitor the location of the SIM card associated with the number. As a result, you may log into those services only to see that the SIM isn’t near your location. It could be in another city, state, or even a different country.

While there are situations where errors do occur, resulting in your device showing in the wrong spot, those are relatively rare. As a result, it’s usually a sign of a swapped or cloned SIM card.

Weird Activity on Bills

In some cases, scammers aren’t concerned about accessing your accounts after they clone or swap your SIM card. Instead, they want to use your wireless service as a way to make calls, send texts, or use data for free. Since it’s your bill, they aren’t listed as responsible for any related charges, allowing them to put that burden on the shoulders of the account holder.

When this happens, the clearest sign of a compromised SIM card is odd activity on bills. That can include call or text logs involving unfamiliar numbers, devices in locations other than where you call or text, or charges for international roaming, calling, data, or texting.

In some cases, you might even see new subscriptions associated with your account. Data overage charges may also occur, depending on your plan.

Recent Requests for Sensitive Information

In some cases, a recent request for information that seemed innocuous was actually a scammer looking for ways to hijack your SIM. If you’re experiencing odd behavior relating to your wireless account – even if your current SIM is still working – it could indicate that a SIM swap is on the horizon.

Examples of the requests include anything that involves information you’d use to verify your identity with your wireless provider. Along with classics like names, addresses, birth dates, and Social Security numbers, requests for your account number and PIN are a red flag.

Recent Device Service or Mailing

Often, one of the easiest ways to clone a device is to have a target person hand over their phone on purpose. One of the most common situations where this could occur is when getting service. For example, if you brought your smartphone to a shop for a repair, that could give a scammer plenty of time to clone your SIM card.

Similarly, mailing your device in for service causes it to cross through a lot of hands, and someone may have taken advantage of the situation to clone the SIM. This can happen even if you mailed the device for a purpose other than service, as anyone who handles the package could feasibly seize the opportunity and clone the SIM.

About the Author

Find Catherine on Firewall Times

Catherine Reed

Catherine Reed is a writer and researcher with experience writing about a wide variety of topics including personal finance, technology, and staffing.