SIM cloning is a practice where a malicious user creates an exact copy of your SIM card, putting you at risk of having any mobile phone authentication compromised.
What is SIM cloning and why does it happen?
A SIM card is essentially a security measure to prove that you are entitled to access a mobile network. Your phone number is associated with a specific SIM and the SIM also has its own unique identification number registered with your provider.
When a SIM card is "cloned", it means one of two things. Either there are now two identical SIM cards on the same network, or the original card has been blocked and the number associated with that card has been moved to a new SIM, which is in the possession of a malicious user.
The tools that exist that can create a copy of a SIM card need the original card to get the data. So a criminal would have to steal your phone (or give it to you), copy the card, and then give it back to you. This is not very practical, so the most common method of impersonation is to ask the phone company to do a SIM change.
This is a hacking technique that targets the part of a security system that tends to be the weakest link: people! Sometimes SIM cloning is done through an authorized employee at a telephone company, or through an employee at the mobile phone service, so your SIM card may not be blocked, making it harder to detect that you have been hacked.
Warning signs of SIM cloning
SIM cloning is relatively rare, but it is definitely something that everyone who uses a mobile phone should be aware of. Here's how to tell if your card has been cloned:
1. You suddenly stop receiving messages and calls (and you can't make them)
If the attacker has changed the SIM by impersonating you, then the SIM in your phone will be blocked. You'll see a message saying you don't have a connection or your phone isn't authorized or something.
You will not be able to make or receive calls or messages. If this happens to you, it's a good idea to call your carrier immediately (obviously from another phone) and ask if your SIM card has been changed.
2. You get 2 unsolicited FA messages
In some cases where hackers manage to clone a card without blocking your original card, both your phone and the phone with the cloned SIM may receive copies of the same messages.
If you start receiving messages with password reset codes or other information two-factor authentication (2FA) that you didn't ask for, it's worth contacting your provider to make sure your SIM card is safe.
3. Your phone account has unknown activity
Sometimes SIM clone hackers don't want to scam you directly, but use your number as a way to scam other people. They can commit crimes or impersonate you for various scams by having control over your phone number.
So it's worth checking your phone records every month to make sure there aren't any calls from your number that you didn't make!
How to prevent SIM cloning
Cloning a sim card is a rare occurrence, but if you fall victim the results can be devastating. There is nothing you can do if the breach is through a phone company employee. However, in most cases, the phone company itself falls victim to hackers impersonating you. The company will ask the malicious caller a series of personal information questions to verify that they are the right person.
The key here is that this only happens when you call the company. If someone calls you and claims to be from your phone company and then asks for this information, it is almost certainly an attempt by someone to steal your personal sensitive information. Specifically, so they can turn around and pretend to be you to your phone company. So if you get such a call, never give out any of this sensitive information!
Also if you're using any kind of SMS-based (SIM-linked) two-factor authentication service, consider switching to another type of security factor. The best option is to use an authentication app that is connected to that particular phone. Google Authenticator is widely compatible, although some companies, particularly financial ones, use their own internal authentication technology.
Finally, excluding some cases of data theft, when you take your phone for service you should first remove the sim from it, so as not to "tempt" the technician.