Justin Chan, a California resident, recently fell victim to a sophisticated scam known as eSIM swapping, losing $38,000 in the process. According to a report by ABC10 News San Diego, Chan’s smartphone abruptly stopped functioning, prompting him to contact his mobile carrier. The carrier informed him that his number had been transferred to another device using his personal information.
Shortly thereafter, Chan discovered that his bank account had been drained. The funds were transferred via his bank’s mobile app, and despite reporting the incident, his bank denied reimbursement. The bank claimed that text message approvals for the transactions had been received—messages that the scammers had intercepted.
eSIM swapping exploits the digital nature of embedded SIM cards, allowing scammers to take control of a victim’s phone number and mobile network. This bypasses two-factor authentication, leaving victims highly vulnerable to financial theft. With many users relying on mobile banking apps, losses often amount to tens of thousands of dollars.
A spokesperson for a Korean-American bank confirmed that customers have fallen victim to this scam, which has garnered nationwide attention. The FBI’s Internet Crime Complaint Center (IC3) reported 1,075 SIM swapping cases in 2023, resulting in losses totaling $48.8 million. Between 2018 and 2021, SIM swapping incidents increased by over 400%, with damages exceeding $68 million.
To prevent eSIM swapping, the Cybersecurity and Infrastructure Security Agency (CISA) advises setting up a PIN for mobile carrier accounts and enabling multi-factor authentication (MFA). Adding an identity verification step for device changes is also recommended. “Setting a PIN significantly reduces the risk of unauthorized access,” CISA emphasized.
Mobile carriers are also strengthening security measures. T-Mobile offers a “SIM Protection” feature to prevent unauthorized SIM changes, while Verizon provides similar services, including restrictions on SIM swaps for all account numbers. AT&T recommends creating a unique PIN for added account security, which is required for any account or number changes.
Experts caution that while eSIM technology offers convenience by eliminating the need for physical SIM cards, it also opens new opportunities for cybercriminals. Victims of eSIM swapping are urged to contact their carrier and bank immediately, reset all passwords, and consider subscribing to credit monitoring services.
BY HANKIL KANG [kang.hankil@koreadaily.com]