Admin
5 min read
03 Nov

Just last week some fraudsters were arrested in Harare for reportedly defrauding almost 30 victims by cloning SIM cards and stealing over USD $17 000 and over 30 million ZiG. Just a week prior, a friend had told me that she met a woman who was complaining that she had seen a notification saying she had sent $600 to a certain number, yet she claimed she had not made that transaction; she had only received the message confirming it, and when she checked her balance all the money was gone. All signs were pointing to SIM cloning. SIM cloning is a common technique in the criminal underworld, so let's simplify it so that everyone understands how it works, how to know if your SIM has been cloned, and what steps to take. Please share this with family and friends; it might help someone.

Gone are the days when the internet was a bit safer. Threat actors have learnt that data is just as valuable as gold, and threats are now everywhere. As people rely more on the internet for finance, health, and everyday life, those threats have become that much more dangerous. Connecting to the internet now needs extra caution, as one wrong step could ruin your life, yet most internet users are not educated on cybersecurity.

Your phone number is used for calling, but it is also a key that banks, email providers, and social platforms use to prove "you are you." That is why threat actors target SIM cards or the phone number itself: whoever controls it can do a lot of damage, from resetting passwords to transferring money. A Subscriber Identity Module (SIM) stores identifiers and secret authentication data that let your mobile operator confirm your device and link it to your phone number. When that authentication data is duplicated, or your number is moved to someone else's SIM, the attacker can receive calls and SMS meant for you, including the one-time passwords (OTPs) used for account recovery.

People usually confuse SIM Cloning with SIM Swapping, so here are their main differences:

SIM cloning (duplication)

This type of attack involves creating a copy of the SIM's authentication credentials so that two physical cards behave like the same number. It was historically possible on older networks. It is more difficult with modern SIM hardware and network protections, specifically the new eSIM technology, but it is still a concept people refer to.

SIM swapping (SIM jacking / porting)

In this type of attack the attacker convinces the mobile operator to activate your phone number on a SIM they control (via social engineering, stolen IDs, or abusing carrier procedures). This is the most common modern route for number takeover.

There are also related methods that don’t require touching your SIM at all, such as exploiting weaknesses in carrier signaling systems or using fake cellular towers to intercept traffic.

SIM cloning and SIM swapping are two different things, even though the terms are often used interchangeably.

Methods used to gain control (overview — non-actionable)
Threat actors have also evolved, upping their game and adapting to modern standards. Attackers combine social, technical, and criminal means. Some of the top-tier methods are:

Social engineering of carrier staff or using stolen identity documents.

In this attack, fraudsters impersonate the subscriber and request a SIM replacement, or they bribe/compromise retail agents to activate or port numbers.

Account takeover using data from data breaches.

Sometimes your personal information acquired elsewhere helps attackers pass weak verification checks, so always be careful what you share online.

Fraudulent porting/transfer requests.

Attackers ask the carrier to transfer (port) the number to a new SIM. Bear in mind that tricks which need the SIM company to co-operate usually don't work, because its staff are highly trained in cybersecurity.

Network-level interception. 

In some jurisdictions, vulnerabilities in inter-carrier signaling or specialized interception equipment can allow message/call interception without changing the SIM, but in most cases this is restricted to monitoring texts and calls. Fake base stations (IMSI catchers) are also used by sophisticated attackers to collect identifiers or intercept communications from nearby phones.

Note: We are not sharing the actual details of how these attacks are carried out, in case some may try to use the information to commit these crimes, but we are sharing enough to help you know exactly what they are and how to defend against them on the user's part.

What threat actors do once they control your number

Mostly, these threat actors intercept OTPs and SMS-based two-factor codes to reset passwords and gain access to email, banking, crypto, and social accounts. They take over financial accounts, change recovery settings, and even initiate transfers, as in the case I mentioned earlier. You will just get notifications of transactions you have not initiated.

They may also impersonate you to scam your contacts or evade detection, especially when the victim is a public figure or celebrity. Another common tactic is scaling fraud by linking many hijacked numbers to new online identities for scams, spam, or money-mule setups.

So how do you realize you have been compromised?

• If you receive messages from your operator about a SIM activation or porting that you did not request, check in immediately with your SIM operator.

• Another clear sign is not receiving expected SMS (OTPs do not arrive).

• Receiving unexpected password reset emails or login alerts from services you use is another red flag.

• Your contacts may report receiving unusual messages from your number.

• Suddenly losing voice or SMS service while your phone still shows a network signal might be another sign. Network problems are common, though, so a loss of service is cause for concern mainly when it is coupled with another sign on this list.

So how do you defend yourself against the attacks that target the user, using the things you can control?

These steps reduce the likelihood and impact of SIM-related fraud:

• The very first internet problem these days is social media. Be cautious with personal data. Don't overshare information on social media that could be used to steal your identity.

• Use app-based or hardware two-factor authentication (2FA), such as authenticator apps, push-based 2FA, or security keys, instead of SMS for important accounts.

• You can set a carrier PIN or passphrase and ask your operator to require it for any SIM changes, porting, or account access. Many carriers offer port-freeze features; enable them where available.

• Limit use of your phone number for account recovery. Use secure email addresses and authenticator apps instead of phone numbers when possible.

• Use unique, strong passwords and a password manager. Harden account recovery options (avoid easily guessed security questions).

• Monitor accounts and enable login alerts. Regularly check bank statements and set alerts for account changes.

• If you travel or live in high-risk areas, be mindful of using public Wi-Fi and physical security around your device.

If you suspect that you are already under a SIM attack, here are the steps to take.

Step 1: Contact your mobile operator immediately from a different phone or a verified customer service channel and ask them to freeze the number or block porting.

Step 2: Use another secure device to log into important accounts and change passwords; remove the compromised phone number from account recovery methods.

Step 3: Enable stronger 2FA (authenticator apps or security keys) on critical services.

Step 4: Notify banks and financial services so they can add extra verification or freeze transactions if necessary.

Step 5: File a police report and keep records (timestamps, carrier messages) — this helps with investigations and claims.

Step 6: Report the incident to any national consumer protection or telecom regulator that handles carrier abuse in your country.


A short checklist you can save

• Replace SMS 2FA with an authenticator app or security key where possible.

• Add a carrier PIN/port-freeze.

• Remove your phone number from account recovery for sensitive services.

• Use unique passwords and enable account alerts.

• Keep a spare device or alternate phone number for emergency contact with banks and your carrier.

SIM cloning and SIM-swap fraud are serious threats because the phone number is a powerful recovery channel for many online services. The good news is that most of the practical defenses are simple: reduce reliance on SMS for 2FA, harden your carrier account with a PIN or port freeze, and maintain strong passwords. If something goes wrong, reporting it as soon as you find out helps you stay protected.
