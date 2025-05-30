Home / Technology / Tech News / Rising cyber threats: Here is how to protect yourself from SIM-swap fraud

Rising cyber threats: Here is how to protect yourself from SIM-swap fraud

The M&S incident is being widely reported as an example of what is known as "SIM swap". It's a form of fraud that is on the rise and understanding how to protect against it will help limit its impact

Cybersecurity, cyberattack
The Conversation
5 min read Last Updated : May 30 2025 | 3:00 PM IST
Connect with us
Facebook IconLinkedIN Icon

Our mobile phone numbers have become a de facto form of identification, but they can be hijacked for nefarious purposes. Just such an attack may have been involved in the recent very damaging cyber-attack on Marks & Spencer (M&S).

The hack happened in April and forced M&S to stop taking online orders. It also caused disruption to some of its stores. The company has said that its online business could be disrupted into July and could result in an estimated £300m hit to profits.

The M&S incident is being widely reported as an example of what is known as “sim swap”. It’s a form of fraud that is on the rise and understanding how to protect against it will help limit its impact.

Our mobile numbers are unique and we have them for years. This means that users generally want to keep hold of their number when they change they phones, or lose them. When a user buys a new phone, or just a new sim card for a spare device they might have, they might call their service provider to transfer their longstanding mobile number to the new sim card.

The problem is that the service provider doesn’t know if it is really them calling to transfer the number. Hence, they launch into a series of questions to make sure they are who they say they are.

But what if someone else has the answers to the questions the service provider asks? Is your mother’s maiden name or that of your first pet really that secret?

Also Read

TCS probes role in cyberattack on UK retailer M&S after £300 mn profit hit

Marks & Spencer cyberattack to cost $403 million in operating profit

Premium

Op Sindoor: India Inc's cyber shield holds firm against swarm of hackers

Premium

Indo-Pak tensions: PSBs fortified ops in sensitive areas along border

BSE issues cyber risk advisory to market participants amid rising threats

ALSO READ: YouTube brings Lens to Shorts for real-time visual search: How it works

  Easy pickings

The rise of social media has made it easier than ever for scammers to piece together what was once considered private information. But this might not even be necessary. What if the service provider simply takes pity and falls for a tale of woe as to why you need to transfer the number but cannot remember an answer?

Suddenly, someone else can make and receive calls and SMS messages using your number. This means they could make calls at your expense. However, it might seem logical that as soon as the service provider is informed of this, the provider should be able to stop it, and is likely to refund any fraudulent charges.

However, there’s a catch. Remember when you created your email, bank account or even online grocery shopping account and you were encouraged to set up two-factor authentication (2FA)? You listened, but the system set your “second factor” as your mobile phone number. You input your username and password, and it asks for a time-limited code that it sends to you as an SMS message.

If someone has managed to obtain your login username and password, typically through a phishing email or even a data breach, and they have control over your phone number, they now have everything they need to login to your account.

This so-called sim-swap fraud is complex to pull off, but it is on the rise. Attacks rose by 1,055% in 2024, according to the National Fraud Database, and it has allegedly been used in many high-profile hacks such as that of former Twitter CEO Jack Dorsey in 2019.

ALSO READ: Now, Gemini AI can answer questions about videos saved in Google Drive

Effective counter-measures

It is often used to target users who have high system privileges that gives them to access to systems that most users don’t have permissions for. Imagine such a sim swap was carried out on a system administrator. These are the very people who set and reset passwords, grant access to computer systems and, most dangerously, can upload further software to the network and its attached systems.

This has proved such a useful hack that some services are switching to sending that time-limited code to you to messaging services such as WhatsApp. However, this approach is not foolproof, and so there is a rising adoption of authentication apps, which display a synchronised code that matches one held by the service to ensure authenticity.

Nothing is 100% secure, and the security of authentication apps, assumes that you have a separate, strong password to prevent those who have stolen your phone number from accessing these authentication checks.

Efforts to improve login security have led to the rise of what are known as passkeys, which are long sequence of random digits called cryptographic keys that are stored on your device, such as a smartphone or computer. It is only shown to your online account when you unlock your phone.

A key step in authentication is therefore the method the person uses to access their device. This could be a biometric authenticator like a fingerprint or face scan, or a screen lock pin number. Passkeys are more resistant to phishing attacks and data breaches than traditional passwords.

So, the next time you phone your mobile service provider and they insist on asking a host of questions to prove your identity, don’t complain, just think what could happen if they didn’t do sufficient checks and someone carried out a sim-swap scam on your number.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Connect with us on WhatsApp

More From This Section

Soon, you can share collage, music, and photo stickers on WhatsApp Status

Google might redesign Phone app with new call answering options: Details

Samsung Galaxy S25 Edge: Pre-orders with storage upgrade offer close today

Realme GT 7, 7T, and Buds Air 7 Pro go on sale with introductory offers

AirPods Pro 3 could be Apple's next big health, fitness bet: What to expect

Topics :CyberattacksGlobal cyberattackscybersecurity

First Published: May 30 2025 | 3:00 PM IST

Explore News

Next Story