Media & Events

#TECH: How to save yourself from being victim of SIM swapping

30 Aug 2022, New Straits Times

CYBERATTACKS that steal personal data are on the rise. While most people are aware of phishing attacks, very few are alert to the dangers of so-called SIM swapping.

But what is SIM swapping? Subscriber Identity Module (SIM) swapping is a cyber crime whereby cybercriminals get hold of a duplicate of the victim's mobile SIM card.

However, in order to do this, the cyber criminals need access to your personal data such as MyKad, phone number and other security related details, which they can get hold of using phishing techniques.

With a duplicate SIM, they can then avoid the two-step verification process that protects services like your banking app. Although this would mean using a verification code, don't forget the attacker has access to your mobile line, so all they have to do is copy and paste the code that was intended for you.

New as it is, the problem has become so severe that the FBI issued a warning about a surge in SIM swapping.

In light of this, Check Point Software Technologies, a global provider of cybersecurity solutions shares three simple tips on how to avoid becoming a victim.


Familiar yourself with the tell-tale signs of a phishing attack. Pay close attention to the domain name to make sure it is genuine. Look out for emails and text messages with spelling mistakes even if you know the sender. The same applies to strange looking links or attachments. Often, these types of details are signs of a phishing attack.

"Cybercriminals are always looking for new ways to steal your data to achieve their goals. It's important that people are able to spot the signs of an attack. warns Check Point Software regional director for Southeast Asia and Korea, Teong Eng Guan.


This is the information that the criminals need in order to duplicate your SIM. Be careful about the websites you visit. Make sure the site in question is official and that it has all the various security measures in place, such as an encrypted connection. Look out for the padlock symbol in the address bar, which shows that it has a valid security certificate, and that the URL begins with httpS://, if it does not include the final -S://, it could be a risky page.

"If you're not aware of these tell-tale clues, you're putting yourself at higher risk and are more likely to suffer more serious consequences. This could mean having your bank account emptied or you could fall victim to identity theft which would enable the criminal to buy goods and services over the internet in your name," added Teong.


One easy and sure-fire way to find out that there is a duplicate SIM card, is that you will completely lose your mobile signal. This is because you will now have a phone with a SIM card that has no access to a mobile network. If this happens, contact the authorities and mobile operator to deactivate the SIM and start the process of recovering your data.

Check Point Software Technologies' security architect for APAC Clement Lee shares that in the case of users using eSIM, it might be harder for cybercriminals to execute attacks as there is a stricter agreement between mobile platform and telecommunications provider, however, one can never be too sure.

"eSIM which is typically non-transferable without strict agreements between provisioning of the mobile platform provider and telecommunication provider. Therefore, it will appear to be harder to execute attacks like SIM swapping. However, the eSIM concept is still relatively new in the industry. As such, the level of vulnerabilities to such levels of attacks is not as obvious," explained Lee.

Share this article