What you need to know about protecting yourself from SIM-swap attacks

As SIM cards increasingly become key tools in personal transactions beyond just calls and SMSs, so have cases of SIM swap fraud.

Mobile money fraudsters in Kenya have been seeking new ways of stealing from unsuspecting mobile phone users, going to the extent of registering an existing number on a new SIM card.

All this is in order to intercept notifications, one-time passwords, online banking profiles, and transactions.

SIM swapping, also known as SIM jacking, happens when a criminal convinces your network provider to transfer your phone number to another SIM card they are in possession of.

Now that SIM cards have become tied to the owner’s bank, email, and social media accounts, fraudsters can then access your accounts, transfer your money, as well as scam your friends and family in your contact list while posing as you.

Some mobile providers have already developed self-whitelisting services where one locks their own number against unauthorized SIM swapping.

However, that is just one of the many measures one can take to safeguard their SIM cards. Below are some steps one can take to stay safe:

You should protect your SIM with a numerical PIN that is stronger than just your year of birth (or your high school admission number!) to enter anytime you restart your phone.

Additionally, your phone itself needs to be protected with a PIN or pattern for extra security.

With advancements in technology, phone manufacturers have added biometric safeguarding of devices such as the use of fingerprints or facial recognition which come in handy here.

3. Whitelist your number against fraudulent replacement

Safaricom has a self-whitelisting service where one locks their own number to ensure no one else can swap your sim card without your knowledge.

All you need to do is dial *100*100# to whitelist your number.

This service ensures that a customer’s SIM card can only be replaced by visiting a Safaricom Shop or Care desk with your ID, or by calling Safaricom customer care.

4. Make use of two-factor authentication

Two-factor authentication (2FA) ensures the security of online accounts by additional pieces of information to verify one’s accounts beyond just a username and password.

You should enable it for your accounts, and if possible, use 2FA applications like Google Authenticator or Authy.

Phishing is very common in Kenya, where scammers posing as assistants in banks, government institutions, and health offices solicit sensitive personal data because you trust these organizations.

However, note that your bank, the government, or any reputable health office will never ask for your personal information online.

It is better to hesitate and later contact the agency to confirm the outreach than to risk losing it all.

6. Be careful what you put out there

The more your personal information such as full name, address, phone number, and date of birth is in the public domain on the internet, the easier it is for fraudsters to gain access to your personal accounts.

Remember that you could have used details like your pet’s name, favorite food, etc. in online security questions to secure your accounts.

While at it, ensure that you watch out for suspicious activity with your SIM card which could indicate fraudulent activity, and notify your network provider.

This includes being locked out of your phone's online or mobile money account, receiving notifications for actions you didn't take, and your phone losing service even with good reception.