Changing a SIM card without your agreement
This guidance note tells you…
This guidance note tells you how our office handles complaints about unauthorised SIM card swapping.
What is an unauthorised SIM swap?
An unauthorised SIM card swap happens when someone takes control of your mobile phone service by getting your provider to cancel your SIM card and replace it with a new one.
Usually, the person pretends to be you and uses your details, such as your date of birth and address, to convince the provider the request is legitimate.
We see cases where a SIM is swapped by someone who:
- wants access to your mobile service to receive authentication messages so they can access your accounts (such as bank accounts, emails, or cloud storage). They then steal money or valuable information.
- commits family violence or coercion.
Usually, the first you know about an unauthorised SIM swap is when your mobile service stops working.
You might later find that funds have been transferred out of you bank account, that they you been signed up for products you don’t want, or that you get a large bill because your mobile service has been used to make calls or for data.
We expect providers to:
- Make reasonable attempts to identify anyone asking for a SIM swap
- Respond quickly to you when you report unauthorised SIM swaps by cancelling the replacement SIM and putting in place measures to stop any more unauthorised swaps (for example, by putting a password on your account).
If we believe the provider did not take proper care in swapping a SIM, we can ask the provider to do whatever is necessary to fix the problem. This could include:
- Waiving charges
- Compensating you for any privacy breach
- Giving you a new mobile phone number
- Allowing you to leave your contract to find another provider.
What you should do
Unfortunately, scams are common, but there are steps you can take to protect your service and accounts.
- Don’t respond to emails asking for your bank account details, phone number and personal details.
- Don’t respond to any caller who asks for access to your computer. Don’t give them any passwords or other information. Hang up.
- Don’t click on links in emails or text messages saying you have won a prize or have a message, particularly if you don’t know the sender.
- Reduce disclosure of your personal details such as full name, mobile number and full date of birth on social media, online dating websites or blogs. If you must enter these details, hide them from public viewing.
- Lock your letterbox. Fraudsters can gain personal information about you by physically stealing your mail.
If your SIM has been swapped and someone has transferred funds from your bank account, contact your bank or financial services provider immediately. If you cannot resolve the issue with them, contact the Australian Financial Complaints Authority.