
SIM swapping: how can I protect myself?

The eSIM repeatedly receives media attention through cases of SIM swapping. With SIM swapping, an attacker gains access to your customer account with your mobile phone provider and thus obtains the eSIM QR code of your cell phone. The attacker can then use the stolen eSIM to log into other sensitive accounts (eBanking, etc.) via an SMS TAN.

Even if the eSIM seems to be the insecure part, the real problem lies with stolen login data. Perpetrators obtain your login information through phishing links or data leaks and then log into your account. To prevent this, you should at least pay attention to the following things:

  • Use strong and unique passwords for sensitive accounts such as your mobile phone provider account.

  • Use an email address whose account is protected by more than just a password. Two-factor authentication, either via SMS or an authenticator app, should be active. Do not use a weakly secured email address for account recovery.

  • If you notice any suspicious activity on your account, call your provider immediately and have your password and login email changed.

To avoid falling into the trap in the first place, you should also adhere to these rules of conduct on the Internet:

  • Interact with your provider or other services only through their official contact channels. Don't reply to suspicious text messages, don't click on links and never give out your login details.

  • Only use HTTPS sites and avoid HTTP.

  • Never give out your login details, not even on the phone. Neither a service provider nor the police will ever ask you for your password over the phone.
