SIM SWAP: The Ultimate Con

Telesign Team July 17, 2019

America loves a good con. Think of some of the most beloved movies of all time: Catch Me If You Can, The Sting, Ocean’s 11. White Men Can’t Jump took place on the Venice Beach basketball courts, right in Telesign’s backyard. The point is we love a suave, fast-talking, good-looking anti-hero that pulls off the big heist… until it happens to us. SIM Swap attacks may not be as glamorous as knocking off the Las Vegas Strip, boosting 747s or hustling hoops at Muscle Beach, but they’re much more real. The SIM Swap fraudster doesn’t look like George Clooney, Brad Pitt or Leonardo DiCaprio. They look like you or me. Their ask is a small one. It starts with a phone call. *Cue dramatic heist planning montage*

Step One: The Call

“Hello this is Generic Cell Carrier, how can I help you?”

“Hello, I dropped my old phone in the ocean and just got a new device. I was hoping you could port my number to this new SIM card.”

“Ok, can you provide a password or PIN?”

“I don’t think I ever set that up…”

Step Two: The Post (2 days ago)

*Fraudster logs onto social media site, searches target. Event info pops up*

Please come to my 35th birthday party this Friday, July 19th at my house 13274 Fiji Way Marina del Rey, CA 90292. Some beer and snacks provided, bring your own Jell-o Shots!

Step Three: The Takeover

“My name is John Doe, my birthdate is 7/19/84 and I live at 13274 Fiji Way Marina del Rey, CA 90292.”

“Ok, thanks for verifying your identity, John. What is the ID for your new SIM card?”

*Brad Pitt and George Clooney smirk and high five*

/end montage.

The Easiest Con of All

That’s it!!! Can you believe it? All a fraudster has to do is a cursory search of your online behavior or perhaps send a few phishing e-mails and they have enough information to take over your life. Sure, maybe John Doe shouldn’t have doxed himself (though his party sounds dope) and he definitely needs to practice better internet security hygiene, but let’s be honest; most people don’t.

So what happens next?

Well, once George Clooney has control of your phone number he will trigger all of your password reset sequences. He will get access to your email, your Twitter, YOUR NETFLIX, your crypto… even your bank accounts.

You can imagine what happens next.

All that sweet, sweet bitcoin you bought back in 2011 for nothing; gone. All those bonus checks you received for working federal holidays; VANISHED. Worst of all you don’t even get to see the finale of Stranger Things 3 because that diabolical fraudster changed your Netflix password just to be a jerk.

Check out this article about a guy who lost 25 grand overnight. Or this one about a guy who lost his life savings.

A simple search on the internet will show that these stories are far from rare. People have lost millions in a matter of seconds.

But there is a silver lining! Telesign cares about the damage that SIM Swap causes to a platform and its users. That’s why we have created a comprehensive data solution that can banish this reality to the silver screen with the likes of Frank Abagnale Jr. and Jordan Belfort!

*Checks notes, realizes those were both real people and not just movie characters*

Whoops, the point stands. Telesign is making SIM Swap a thing of the past. Our Phone ID data attributes can prevent the damage of SIM Swap fraud by informing platforms of recent phone ports.

Let’s give an example of that, shall we?

George Clooney, now with control of your phone, attempts to empty your bank accounts and crypto… a value of $100,000. FORTUNATELY, your bank and crypto company use porting history. When the Porting History API returns that the phone was SIM swapped in the last 24 hours, a red flag is raised and no password reset is triggered barring a manual review.

Your money is safe, and George Clooney stares helplessly into the distance just as he did when he ran out of oxygen in Gravity. Sorry, I agree, the movie metaphors have gone too far.
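The check described above, sketched as an added example (not Telesign's code or API): a platform-side gate that decides whether an SMS password reset may proceed. The record shape and the `last_sim_swap` field are hypothetical stand-ins for whatever a porting-history lookup returns, and sending lookup failures to manual review is an assumption beyond what the post states.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

SWAP_WINDOW = timedelta(hours=24)  # the "last 24 hours" window from the post


class Decision(Enum):
    ALLOW_SMS_RESET = "allow_sms_reset"
    MANUAL_REVIEW = "manual_review"


def parse_swap_time(record):
    """Return the last swap time in UTC, or None if no swap is on record.

    `record` is a hypothetical lookup result: {"last_sim_swap": ISO-8601 or None}.
    Raises ValueError/TypeError when the answer is missing or malformed.
    """
    if record is None or "last_sim_swap" not in record:
        raise ValueError("no porting-history answer")
    raw = record["last_sim_swap"]
    if raw is None:
        return None
    ts = datetime.fromisoformat(raw)
    if ts.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    return ts.astimezone(timezone.utc)


def gate_password_reset(record, now):
    """Decide whether an SMS-based reset may proceed. `now` must be timezone-aware."""
    try:
        swapped_at = parse_swap_time(record)
    except (ValueError, TypeError):
        # Assumption: with no usable answer, do not trust the phone channel.
        return Decision.MANUAL_REVIEW, "porting history unavailable"
    if swapped_at is None:
        return Decision.ALLOW_SMS_RESET, "no swap on record"
    age = now - swapped_at
    if age < timedelta(0):
        return Decision.MANUAL_REVIEW, "swap time is in the future"
    if age <= SWAP_WINDOW:
        return Decision.MANUAL_REVIEW, "SIM swapped within 24 hours"
    return Decision.ALLOW_SMS_RESET, "last swap is older than the window"


if __name__ == "__main__":
    now = datetime(2019, 7, 17, 12, 0, tzinfo=timezone.utc)
    # Constructed sample records, not real lookup output.
    for rec in ({"last_sim_swap": "2019-07-17T03:00:00+00:00"},
                {"last_sim_swap": "2019-06-01T00:00:00+00:00"},
                None):
        print(rec, "->", gate_password_reset(rec, now))
```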

The main takeaways are…

  1. SIM Swap fraud is incredibly easy.
  2. Telesign can protect your platform and users.

Is your platform protected against SIM Swap fraud and all other varieties of account takeover? Don’t wait for the sequel, contact Telesign today.

