SIM swapping (a.k.a. “SIM splitting” or “SIMjacking”) is a form of account takeover fraud that takes advantage of a weakness in the two-factor authentication (2FA) and two-step verification process. This form of verification involves an SMS or call placed to a mobile phone to confirm the consent of the phone owner before a transaction can go through.
With your phone number, a hacker can reset your passwords on online accounts by redirecting these 2FA confirmation texts. After that, they have all the access they need to very personal information, like, say, your banking details.
But you’re no idiot; you don’t give your number to just anyone. Right?
Well, credit where credit is due: these scumbags know their stuff. A mobile hacker can get their hands on your phone number through a number of nefarious means like phishing emails, by buying them from organised criminals, or by directly social engineering the victim. Once they have your number, it just becomes a matter of manipulating your cell phone service provider into porting your phone number to the hacker’s SIM card. In some instances, SIM numbers are changed directly by a well-bribed telecom company employee.