Protect yourself
Kia pare i a koe ki te whakawhiti SIM

Protect yourself against SIM swapping

SIM swapping is tricky to prevent and detect, but there are ways to reduce your chances of being a target.

What it is

SIM swapping is where an attacker tricks your mobile phone provider into transferring your phone number to their card without your knowledge.

Learn more about SIM swapping

How to protect yourself

  • Be careful where you share identity information

    Your personal information can be used to impersonate you, particularly when it’s used as part of an identity confirmation process.

    If you know your mobile phone provider confirms your identity by asking for personal information like your date of birth or address, make sure it’s hard to find online. Don’t share this information on your public social media accounts where anyone can find it.

    How to protect your privacy online

  • Be creative with your account recovery questions

    For some services, when you set up your account you’ll be asked to provide answers to a set of security questions – like ‘what’s your mother’s maiden name?’. These are generally used as a way to identify you if you forget your password and need a prompt.

    Unfortunately, these are also easy things for an attacker to find out, and could be used to gain access to your accounts without your knowledge. Where you can, make up something memorable but untrue that an attacker couldn’t find through a simple search of your name. You can use a password manager to store these answers too.

  • When there’s a choice, use an app-based two-factor authentication (2FA)

    SMS is better than a password alone, but there are often stronger options available. Ask your bank or service provider if they offer other forms of 2FA for account access. You might be able to use an app-based authenticator that generates a new code every 60 seconds, or one that sends you a push notification, instead of sending you a code by text.

    Use two-factor authentication to protect your accounts

  • Check your provider's policy

    Talk to your provider about what they can do to help protect you against SIM swapping. Ask them what the process is for moving a mobile phone number to a new SIM card. Some providers might request a confirmation by text, whereas others will ask to see physical ID at the store before they'll do this. 

Get help

If you think you’ve been targeted by a SIM swapping attack:

  • report it to your mobile phone provider and get them to check if your mobile phone number has been transferred to another SIM
  • reset the passwords for your important online accounts. Make your online banking and email accounts your priority.

Report the issue to CERT NZ

You can also report an online issue or security incident like this to us at CERT NZ. We can also work with the NZ Police on SIM swapping attacks, but will only do this with your permission.

Get help now