Claim your free €20 Bitcoin bonus now! Just verify your ID. Weekly payouts every Friday! Don't invest unless you're prepared to lose all the money you invest.
A SIM-Swap threat aims to steal your crypto. Here's how to minimise your chances of getting hit with this "phone porting" danger.
SIM Swap: Unfortunately crims will be crims and are out to scam you in new and inventive ways. A dangerous process, called “phone porting” can be used to gain access to your banking apps or your .
Phone porting is also known as a port-out scam, SIM splitting, simjacking, and SIM swapping. In this process, criminals convince your mobile carrier to transfer your phone number to a new SIM card under their control.
Phone porting is a method used by criminals (we call them ‘bad actors’) to steal your funds. Here’s what you need to know to minimise your chances of this happening.
In one example, a CoinJar customer had the heart-stopping experience of a bad actor trying to break into her crypto account. She urgently contacted CoinJar in a panic to try to stop it.
Our customer, Melanie said that the bad actor had accessed her phone, and locked her out of it.
Then, they changed her phone number and details to their details. Melanie explained that the bad actor had already got into her bank accounts and managed to withdraw money, and they were actively working to break into her CoinJar account.
Melanie messaged CoinJar urgently, and CoinJar’s security team froze Melanie’s account and started the process to verify her identity.
She said, “Lukas was switched on and used video ID to save my account.”
Phone porting is when criminals try to steal your phone number by calling your phone company claiming to be you. They say they have bought a new phone and need to switch the old number to the new phone.
All they need to steal your number like this is to get hold of your name, address, and birthdate. They can then switch your phone number to their own phone.
How do you know this has happened? Suddenly, your phone stops working. It’s because your number has been ported (hence the term ‘phone porting’) and the bad actors start receiving all your calls and messages - including any two factor authentication codes.
After this, they can use your mobile number to impersonate you via phone call, reset your banking passwords, access your crypto accounts, or even pretend to be you online.
Aaron McDonald is the Compliance Manager for CoinJar. He has been dealing with cases involving phone porting since 2017.
“Phone porting is where your number is ported and moved to a different provider. Once it's moved, the SIM card in your phone doesn't work anymore. So you can't get calls, you can't get text messages.”
McDonald said that when Melanie contacted CoinJar, she was really solely focused on saving her crypto.
“There have been cases where someone has gotten into a bank account through this exact method, and they've taken all the money. Sometimes the bank will refund this, but sometimes they don’t.”
McDonald said that the first thing that CoinJar did was verify Melanie’s identity.
“We always want to make sure we're talking with the correct person because in these cases, when someone takes over your identity, we do have situations where a bad actor will actually contact us as that person. They will say, ‘Why can't I sell my crypto? Why can't I send it to another wallet? What's going on?’ They try to trick us into removing those restrictions.”
The first thing you need to know is that if you need help from CoinJar, be ready to prove who you are, and have your ID ready.
Meanwhile, the bad actors were working fast. Says McDonald, “In the midst of Melanie contacting us, the bad actors managed to get into her CoinJar account and they changed the email attached to her account to a different one.”
CoinJar then received emails from the bad actor, impersonating Melanie. Meanwhile Melanie had created a new email account to be able to talk to CoinJar staff, and was saying, “Please freeze my account! Don't let anything happen to it!”
At the same time, Melanie was receiving emails from the bad actors with threats, attempting to extort her - they said they wouldn’t take her crypto if she paid them $1200 immediately.
There were also emails from the bad actor saying, “Unfreeze my account, why can't I send my money? If you don't do this, I'm going to report you to the regulator!”
McDonald says that the bad actors “really love turning those psychological screws.”
However Melanie, via her new email account, was already sending identity documents and she went on a live video chat to prove that she was a real person.
McDonald added, “Ultimately we were able to get her account back.”
This complete identity takeover all started from her phone number being ported. But there are things that are still a mystery: How did they get her date of birth? How did they get other details? Did they get her passwords? There are a lot of unknowns.
Phone porting is a real threat to our personal security. But why should you care? Your phone number is an extension of your identity. When part of your identity is stolen, it can be used to gain access to other services and products that you regularly use.
Major companies and even government agencies have fallen victim to data breaches. These incidents compromise user data on a massive scale. Your personal information — name, date of birth, address, document numbers, expiry dates, mobile numbers, and email addresses — can end up for sale on the dark web.
Armed with your personal data, criminals impersonate you by convincing your mobile carrier to transfer your phone number to a new SIM card under their control. Once they have access to your text messages and calls, they can compromise other services.
Those other services might be as innocent as your Netflix subscription, but could be as dangerous as your email account (think about times when you have emailed a copy of your licence or passport) or your bank account.
Phone porting can lead to devastating consequences. Imagine waking up to drained bank accounts, unauthorised credit card transactions, and compromised social media profiles.
Your identity is at risk, and the fallout can be financially and emotionally distressing.
For mental health support:
Contact .
Mobile carriers have strengthened their processes around phone porting requests, such as introducing further identity verification checks (like completing an in-store ID check).
In addition, new delays have been introduced when completing a SIM swap online in case the request was not initiated by the owner of the phone number.
Phone porting, extortion, and theft are crimes. Crimes where computers are an integral part of an offence, such as online fraud, are called cybercrimes. If this happens to you, it is
McDonald says that for people who have suffered through this, don't delete any text messages. “Don't delete phone call records either, keep everything and give it to the police when you make a report.”
Contacting CoinJar quickly is important. “If someone contacts us saying their account has been compromised, we're very quick to respond as we get instant real-time alerts.
“Usually we can respond much quicker than a bank. Sometimes you can be waiting for 20 minutes calling a bank, just to get through to someone to say, ‘My account has been compromised!’ Every second counts.”
Use a password manager to have unique passwords for every single account you own. Options here include iCloud Keychain, Bitwarden or 1Password.
Instead, use an authenticator app. Get a second mobile number for crypto accounts and banking.
If you must use SMS for two factor authentication, you can buy a number for SMS only that nobody knows about. Most modern phones can have two SIM cards installed, or two eSIMs configured. This setup means you can have one phone number for your regular use and a number, known only to you, for SMS two factor authentication.
of pay-as-you-go SIMs that can be purchased in Ireland.
Don’t tell people you have online accounts or hardware wallets. Don’t make yourself a target.
For example, you might use one email address for shopping, another for social media, and yet another for work-related matters. This way, if one email address gets compromised, it doesn’t affect the others. You can set up a new email address and get all emails forwarded on to your main email address, for example.
The “+” trick: Some email providers, like Gmail and Google Workspaces, allow you to use a clever trick. You can add a plus sign (+) and any word after your email address before the “@” symbol.
For instance, if your email address is youremailaddress@gmail.com, you can create variations like youremailaddress+shopping@gmail.com or youremailaddress+work@gmail.com.
These variations all lead to the same inbox but act like separate compartments. So, emails sent to youremailaddress+shopping@gmail.com will still arrive in your main inbox, but you can easily filter and organise them.
By using this trick, you don’t need to set up completely new email addresses for different services. Instead, you create virtual compartments within your existing inbox.
If you sign up for an online service (let’s say a cryptocurrency platform like CoinJar), use the youremailaddress+coinjar@gmail.com variation. If you start receiving spam or want to organise your emails better, you can filter based on these variations.
Imagine your home network as a fortress. Keeping it protected is essential to prevent cyber threats.
Never allow unknown devices or strangers to join your wireless network, and ensure that your wireless network uses a strong password shared only with people you trust. If your wireless network came with a default password, change it to a unique password.
Where available on your devices, we recommend to always use biometrics (facial recognition or fingerprint recognition). If these features aren’t available, you can set a strong PIN or passcode. Your PIN or passcode can contain letters and numbers, and should never be an easy to guess number like 0000, 1234 or your year of birth. Where available, enable the same features on individual apps - especially banking apps.
If you have a hardware wallet (a device for storing your cryptocurrency), it’s crucial to save your backup phrase.
A backup phrase is like a secret code that allows you to recover your crypto if you lose access to your wallet.
You can use products like Cryptosteel Capsule Solo or Cryptotag Zeus to securely store this backup phrase. Hide it somewhere safe where nobody else can find it.
When purchasing a hardware wallet, always buy directly from the official Ledger or Trezor website. Be cautious because there are fake wallets out there that look identical but can steal your funds. Remember: You should never store your backup or recovery phrase online.
There are some subscription services designed to help you manage your credit profile and reduce the risk of identity theft.
and other companies like it monitor some shady sites to make sure your details don’t appear on them, among other types of monitoring.
If you have a hardware wallet (a device for storing your cryptocurrency), it’s crucial to save your backup phrase.
A backup phrase is like a secret code that allows you to recover your crypto if you lose access to your wallet.
You can use products like or to securely store this backup phrase. Hide it somewhere safe where nobody else can find it.
When purchasing a hardware wallet, always buy directly from the official Ledger or Trezor website. Be cautious because there are fake wallets out there that look identical but can steal your funds. Remember: You should never store your backup or recovery phrase online.
If you’re using a hardware wallet or any other self-hosted wallet, ensure your friends and family know how to access your crypto. This way, if something happens to you, they can still retrieve it.
However, if you store your crypto in your CoinJar account, you don’t need to worry about this step.
Some extra resources:
Unique passwords
Risks of non-unique passwords
Creating strong passwords
Scams advice
2FA (Enhanced Security)
One-time password
Please refer to our if you feel you have been scammed.
Citizens information:
Use to verify the authenticity and safety of online shopping websites. It is managed by Cyber Skills, in partnership with ScamAdviser and An Garda Síochána. You can check that the website you are using is genuine and free from harmful software by providing the website URL (link).
You can stay aware of scams using government agency warnings, such as those on the and the
Read more about , detailed by Coimisiún na Meán, the regulator of online safety in Ireland.
Get from the Commission for Communications Regulation (ComReg).
The Banking and Payment’s Federation Ireland’s (BPFI) FraudSMART initiative has some
The Competition and Consumer Protection Commission (CCPC) has information about
SIM swap fraud is a type of account takeover that targets a weakness in two-factor authentication (2FA) or two-step verification.
In this scam, attackers manipulate mobile carriers to transfer a victim’s phone number to a new SIM card they control.
Once they gain control of the victim’s number, they can intercept calls, texts, and security codes meant for the victim.
Scammers use social engineering tactics to collect personal information about the victim, with the aim of gaining access to their bank and crypto accounts.
They impersonate the victim and contact the mobile carrier, requesting a SIM card transfer.
The victim’s phone number is then linked to the scammer’s SIM card, granting them access to sensitive accounts.
Anywhere where people use SIM cards. But hotspots are Hong Kong, Europe, Australia and the US are all hotspots of SIM swapping attacks.
Be cautious with personal details shared online, as scammers use them to answer security questions.
Regularly monitor your accounts and report any suspicious activity to prevent SIM swapping attacks.
Standard calls are used to verify identity during SIM swaps. Scammers exploit this process to gain unauthorised access to victims’ accounts.
Use strong two-factor authentication methods beyond just SMS.
Consider using authenticator apps or hardware tokens instead of relying solely on text messages.
Only buy SIM cards or phones directly from trusted sources.
Regularly check your accounts for any unusual activity.
Remember, staying informed and vigilant is crucial in preventing SIM swap fraud and protecting your personal information. If you suspect any suspicious activity, report it promptly to the relevant authorities or your mobile carrier.
CoinJar Europe Limited (CRO 720832) is registered and supervised by the Central Bank of Ireland (Registration number C496731) for Anti-Money Laundering and Countering the Financing of Terrorism purposes only.
Apple Pay and Apple Watch are trademarks of Apple Inc. Google Pay is a trademark of Google LLC.
This site is protected by reCAPTCHA and the and apply.