I vividly remember when my parents took my sisters and me to purchase our family’s first cellphones when I was 15 years old. After choosing the colors of our Nokia 3310s (colloquially known as the “brick phone”), I clearly remember watching the service folks at the cellphone store insert the SIM cards into each phone. For something seemingly mundane and routine in the process of acquiring a new phone, I had no idea that 25 years later, I would be leading investigations into crimes involving SIM swapping.

Never heard of SIM swapping? Statistics from the FBI show a staggering 500% increase in SIM-swapping crimes from January 2018 to December 2020. Closely linked to identity theft, the FBI reported investigating 1,075 SIM-swapping incidents in 2023 alone, resulting in nearly $50 million in financial losses. With such a fast-spreading and impactful crime, how can we in law enforcement effectively investigate SIM swapping? First and foremost, we must understand how the crime works.

SIM stands for subscriber identity module. This module assigns cellular service to a device. A SIM card is essential for a device’s communication with the cellular network, which in turn designates the mobile subscriber identification number (MSIN) and international mobile subscriber identity (IMSI). While the MSIN and IMSI are unique to a subscriber once the device connects to the network, each SIM card is uniquely numbered with an integrated circuit card identification (ICCID). These components are essential for a device to be attributed to a mobile network operator (MNO), such as Verizon, AT&T or T-Mobile, or a mobile virtual network operator (MVNO), such as Mint Mobile, TracFone or Straight Talk Wireless. Advancements in technology have led to the advent of eSIMs, which are built into a device’s hardware and can be updated digitally.

When a SIM swap occurs, the MSIN and IMSI are transferred from one SIM to another, a process also referred to as “porting” the phone number to another device or network. While this is a common and legitimate practice, such as when upgrading to the latest iPhone or Samsung device, the criminal practice of SIM swapping involves porting the victim’s phone number to a device that the victim has no control over. In criminal SIM swapping or the related act of “SIM cloning,” the victim either loses control of their MSIN and IMSI to a device they have no access to or has them surreptitiously duplicated and paired to a device the victim has no knowledge of. Although SIM swapping and cloning are rather sophisticated, they closely resemble identity theft and often serve as a gateway to more lucrative or impactful crimes.

From banking to social media and email, think of how many accounts are synced to your phone number. Now, imagine being unable to receive two-factor authentication (2FA) texts when you attempt to log in to any of those accounts. This is ultimately what fraudsters aim to achieve with SIM swapping: defeating enhanced security protocols of 2FA or one-time passcodes (OTP) by gaining access to your phone number. This can also be accomplished via VoIP services like Google Voice, using features such as call and text forwarding. As outlined in a warning from Google Support, fraudsters have been able to deceive victims into unknowingly forwarding their calls and texts to a Google Voice account controlled by the scammer.

There have been many publicized cases of mass SIM swaps in recent years, including T-Mobile facing a class-action lawsuit alleging the company did not do enough to protect their customers. How do criminals achieve this? Social engineering! By a threat actor knowing a victim’s email, phone number, address, recycled password, etc., they can build the foundation necessary to achieve a SIM swap. The ease of porting SIMs online via MVNOs like LycaMobile or third-party services like J1 SIM have made the process incredibly expedited.

It is important for investigators to understand that anybody with a cellphone can become a victim. Sometimes, the perpetrators are employees of the store where the victim purchased their phone. Other times, the victim may have been targeted via a scamming enterprise like “iSpoofClub,” which was taken down by the U.K.’s NCA in 2023 after generating over 100 million pounds in profit. Obtaining records from a victim’s service provider will detail the international mobile equipment identity (IMEI) or electronic serial number (ESN) of where the number has been ported. Today, MNOs like AT&T are increasingly diligent in detecting fraud on their network, giving fraudsters a very limited window to keep a swapped SIM online. Tell-tale anomalies as impossible travel, third-party porting/port out, etc., will often lead to a network freezing service before the fraudsters can receive any texts or phone calls meant for the victim. I understand the likelihood of a local police department handling a SIM swap case is few and far between; however, assisting the victim in regaining control of their phone number is the goal.