Because of the importance of mobile phone numbers for verifying a person’s identity (for example, using 2-factor authentication), and the widespread use of mobile number portability, fraudsters often attempt to take control of a person’s mobile number by committing SIM swap fraud. This is typically done through phishing or social engineering attacks, where the criminal learns enough about their target to convince an operator’s customer services personnel that they are the subscriber. They then claim that their SIM card has been lost or damaged, and request to have the number ported to a new SIM.

In this way, the criminal can have the subscriber’s MSISDN associated with a SIM card that they own. They will then receive any messages their victim would usually be sent, allowing them to circumvent 2FA security (and potentially also intercept personal information). This kind of fraud can be countered by checking the IMSI associated with the mobile number, since the IMSI is linked to the physical card. If there is a discrepancy between the recorded IMSI and that on the SIM card connected to the MSISDN then a SIM swap has likely taken place, and the customer will be contacted in some other way to confirm their identity.