From the rampant spread of SIM swap scams to the 2024 Westminster WhatsApp scandal, it seems every week there's a new headline about mobile safety. In such an environment, it can be daunting to use your phone online. Fortunately, there are concrete and manageable steps we as consumers can take to minimise any kind of data breach on our mobile devices. Here we outline how some common SIM scams work, including SIM swaps, and how to protect yourself from them.
What is a SIM swap scam?
SIM swap scams are one of the most notorious and widespread methods hackers use to gain access to mobile devices. They’re a popular choice among scammers as they’re hard to detect and can be done completely remotely.
In a SIM swap, the victim’s mobile network provider is persuaded to swap or ‘port-out’ the victim’s phone number from their current SIM to a SIM in the hands of the scammer.
Once this is achieved, the perpetrator can use their own device, under the victim’s name and phone number, to send messages, log into their online accounts, and otherwise upend the life of their target.
SIM swaps are so difficult to spot as the deception focuses on the phone company, not the victim.
In order to successfully convince the network provider to port-out a number, the scammer needs to provide personal information or passwords from the target – these are often obtained themselves through separate scams, such as phishing attacks, or purchased on the dark web.
In the case of a SIM swap, the only effective cure is prevention. Use a reliable network provider, avoid unsecured networks and make sure you set up device-based two-factor authentication on your smartphone, laptop, iPad, or any other devices you own with a SIM card or eSIM.
Are eSIMs safer than SIM cards?
It’s important to note that neither eSIMs nor SIM cards are 100% safe from outside attack. SIM swap attacks can affect devices with eSIMs as well as SIM cards. No matter how modern your device, the most effective way to protect your data is to take the steps outlined below.
In a smartphone, the removable nature of the SIM card is itself a risk factor. It makes it incredibly easy for someone to strip the device of its connectivity and its old profile by simply discarding the original owner's SIM.
This is simply not possible with an embedded chip. An eSIM cannot be removed, and unless the person trying to change the profile knows a specific security key, they won't be able to overwrite the current profile. Not only does this make reselling stolen devices much harder, it also ensures that recovering them is easier than ever. The moment an eSIM-enabled smartphone is switched on it will have connectivity and could potentially be traced. This tracking capability would also be extremely useful on a larger, industrial scale. Vehicles, equipment, and any other hardware with eSIM connectivity are easier to locate, so accidental loss or deliberate theft can be solved faster.
As eSIM usage becomes more normalised, these benefits will be increasingly evident. Security comes from connection – from being able to keep track, stay in touch, and protect our devices. That's exactly what embedded SIMs aim to do.
Hackable non-phone devices
Of course, the scams aren’t just limited to phones. Any internet-connected device can be hacked if needed. Cellular smartwatches, tablets, laptops – even cars and kitchen appliances can be equipped with eSIMs. ‘IoT’, or the Internet of Things, is an umbrella term that refers to this network of wirelessly connected appliances and gadgets.
Almost any device we think of as ‘smart’ - smart fridges, smart watches etc. - is a part of the Internet of Things and has the potential to be hacked. Where before, this technology was considered highly technical and complex to implement, today we are seeing a spike in IoT connectivity across a multitude of sectors and use cases, largely down to the rapid improvements brought about by IoT eSIMs and SIM cards.
What can consumers do to protect their data?
Thankfully, there are actionable steps consumers can take to minimise the risks of SIM swaps, theft, scams or hacks. While no phone is 100% secure, following these steps will immediately bolster your online security and deter thieves.
- 1
Turn on 2-factor authentication. Specifically, a device-based service like the Google, Microsoft or Apple Authenticator apps. This means that if your SIM is stolen, or someone attempts to log in to your Google, Microsoft or Apple account, it will need to be verified first on your physical handset.
Authentication via SMS is better than nothing, but not nearly as secure as a device-linked service. - 2
Add a passcode to your SIM card. Whether you have an eSIM or a physical SIM card, you have the option to add a passcode to it. This means that if you have a physical SIM card and it gets lost or stolen, the card will need to be unlocked with a numerical passcode before the data inside can be accessed. Loss or theft of the SIM is of course not an issue for eSIM users, but it’s still a step worth taking. Just be sure to remember your PIN.
- 3
Remotely erase your phone. If you suspect your phone, tablet or smartwatch is compromised, you can remotely wipe it and lock the device. Android and Apple devices both offer this service.
- 4
Use a secure network. If you travel often, make sure you’re not relying on unsecured or unfamiliar networks. BetterRoaming eSIMs are part of the 1GLOBAL network, which is GSMA-certified to meet the highest industry standards of security across 160+ countries.
Try an eSIM on your next trip – here’s how
Discover the ease of use, low costs and improved security of an eSIM for yourself with BetterRoaming.
We offer eSIM plans for iPads in 60 countries around the world, and phone plans in over 160. Discover our range of eSIMs here and find the perfect plan for your next journey.
