How Thieves Can Steal Your Cell Number and Use it to Steal Your Money Without Ever Touching Your Phone

Imagine that one day you pick up your cellphone and your service has been turned off. You can’t access the Internet, make a call or send a text. When you call the cellphone provider, the representative tells you that you requested the number be transferred to a new phone.

In the time that it takes you to get the situation sorted out, the cyber crook that took transferred your number has already emptied your financial accounts, made online purchases with your credit cards and changed all your online passwords — essentially locking you out of your own life.

How Can They Do That?

Nowadays your cellphone is used for a lot more than just making phone calls. Many companies and websites recommend linking your cellphone number to your accounts as a way to verify your identity.

This security method, known as two-factor authentication (2FA), will send you an SMS (a text message) with a security code when you attempt to log-in or make security-related changes to your account (e.g. password change).

One the cyber crook gains control of your number, they exploit this security feature to gain access to email addresses, social media accounts, cryptocurrency wallets, cloud devices and financial accounts.

How They Get Your Number

The cyber crook generally transfers your phone number to a phone that they control using one of two methods:

1) They convince your cellphone provider that they are you using information they found online or through phishing; or

2) They bribe an employee with access to the system to transfer the number.  

How to Protect Yourself

There are a some things you can do to reduce your chances of becoming a victim of SIM card hijacking:

1) Set up a PIN number for your SIM card

The procedure to do this varies by carrier, so you’ll need to check with them to see how to do it. Just don’t forget your PIN.

2) Use better two-party verification method

You can add  Google Authenticator. It generates random six digit codes that you’ll have to enter to verify your identity on sites. Since it’s physically on your phone, it prevents people from accessing accounts using your cellphone number alone.

3) Remove your cellphone phone number from accounts 

The fewer accounts you have linked to the number, the better for security reasons.

4) Be careful what information you share online

Scammers often do an Internet search to learn more about you so they can convince the minimum wage employee answering the phone at your cell phone company that they’re you. If you’re sharing every aspect of your life on social media right down to your pets’ names, you’re making it way too easy for them.

One more thing. You know those fun little questionnaires on Facebook where they ask you a list of questions like:

What year did you gradate high school?

What’s your favorite food?

What was your first car?

Avoid these things like the plague. If you’ve done them in the past, I recommend going through your timeline and deleting all of those posts.

Let’s Wrap This Up

Although this particular article doesn’t have anything to do with moving to Mexico, I thought some of our readers would benefit from the info so I did a quick post on it.

If you’re interested in learning more about this scam and how to better protect yourself, just do a quick Google search and you’ll find a ton of information on the topic.

Well, that’s it for today. Stay safe and healthy.

Become a Patreon member to get access to our live Q&A sessions as well as our private Facebook group where you can ask us questions. For more information, click HERE.

About the Author

Qroo Paul
Paul Kurtzweil (Q-Roo Paul) was a deputy sheriff in Florida for 25 years before retiring at the rank of lieutenant in 2015. He and his wife moved to Mexico looking to maximize their retirement income. They later started a blog called Two Expats Mexico (qroo.us) to share their experiences as well as information about the logistical and legal aspects of retiring south of the border.

21 Comments on "How Thieves Can Steal Your Cell Number and Use it to Steal Your Money Without Ever Touching Your Phone"

  1. Thank you Paul, as always great tips and information. it’s a amazing how computer savvy they are down in the Mexico……lol

  2. is there another way to protect yourself, phone, other then using google Authenticator?

  3. Many expats will now be asking how to set up a PIN number for our Telcel SIM cards. Thanks, as always, for helping us navigate our new life in Mexico.

  4. Does this apply to my iPad as well…my phone is not have emails on it…I do my banking on the iPad only…thank you for all the I formation you make available to us.

  5. Every 2FA site I use sends a text message after I enter my user name and password. So first they’d have to phish the password, which is a whole deep, other subject. For those sites that offer it, I do use an Authenticator. Some sites allow the 2FA via e-mail, so that avoids the entire cell problem.

    With a password manager, it’s easy to generate very long random passwords, unique for every site. My password manager (Roboform) allows me to add notes for each site, so I never answer those account recovery questions with true answers. For example, tell them your high school mascot was the cockroach or your favorite sport is hopscotch.

    It’s a never ending war against scammers, so thanks for this update.

  6. Excellent information! Although I have a smartphone, I still only use it for talk, text and photos because I don’t feel comfortable doing anything else on the phone. Thanks for the information.

  7. They can just easily use a RFID frequency app on their smartphone phone or carry around a NFC/RFID reader and grab all your sim card phone information in seconds, just like they do with credit cards that people carry in their wallets.

  8. Thank you, I setup a SIM pin for now and plan to transition to the authenticator app. Just recently all my personal information was utilized for fraudulent unemployment claims in my state, so I need to have everything locked down.

  9. Thank you, Paul!

  10. HA! I never played those question games on Facebook, or if I did, I purposely gave the wrong answers. I KNEW they were fishing for more info. I told this to my friends. So when do we apologize to our conspiracy theorist friends? Does anyone still laugh at conspiracy theories? I HOPE NOT!

  11. I seem to be unable to find the daily currency exchange feature. Has it been discontinued for some reason. Thank you.

    • Try dailyfx.com/usd-mex Live quotes that are constantly changing throughout the day. If you’re making a transfer you can watch it and wait for the “right rate”. TransferWise.com will lock in the rate for 36 hours while you prepare to make the transfer. TMI?

  12. I have a Mexican number but I live in the USA. This is better since I can’t link my cell phone to my primary residence in the USA (and also because of free North American calls with Telcel). I also use Google Voice as my primary residence number in the USA (not switchable by thieves I would think). But in any case, it has become necessary for a PIN and 2factor authentication.

  13. i have been in mexico since 2008. i am using $20 burner cells since 2013. i was continuously hacked by an extremely adept group using revolving phone numbers i traced webbed through mexico city, new york, chicago, phoenix. it got worse from there, long bad story. i changed banks, no online money connections, use a small budget debit card for on line purchases and never use an atm, use my mexican wife’s email, put zero financial ties or references to it. i am very upset with the “currency” and every other access point to society being transferred to phones. why does every subscription no matter how small the fee require cell and address references? people think i am old fogy dinosaur but it’s about to force me back in! think i’m goofy? wait until it happens to you

  14. Thank you for sharing. Also please keep the vídeos coming on Youtube. I love the ones on subjuntivo tense and listening videos

  15. You can often find a SIM lock option in your phone Settings –Android phones,specifically Samsung like mine– are easy to do…..

  16. Helene Guillemette | February 9, 2021 at 9:41 am | Reply

    Thanks for the info….I’m going to ask hubby to look at that….no wonder people don’t rob banks anymore…they can do that in the comfort of their house!!!

  17. Ah I read this and guess what, a few days later I find out I m hacked, they got my phone and email and managed to transfer 15.000 out of one of my accounts.Now trying to fix this and set it up so that won’t happen again

    • That’s terrible! So sorry to hear that!

      • yes no fun, however, i am using it as a lesson and am taking your advice, first thing i m doing is getting a pin number for my sim card and then try to not use the phone as a verification tool for all my accounts. Thanks again for the super valuable information

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.