eSIMs Can Be Hacked, but I Keep Mine Safe With These Tips

Despite buying an eSIM to protect myself better, I still would’ve left myself vulnerable to hacking without taking further action. To shut cybercriminals out for good, I took matters into my own hands and upgraded my security.

How Can eSIMs Be Hacked?

Just as a physical SIM card can be hacked, an eSIM is still vulnerable. SIM swapping is one of the biggest threats I’ve considered. Hackers can call your mobile provider pretending to be you and request a new SIM card; this is still possible with eSIMs. If the mobile provider agrees to send them a card, the criminal can use your number on their device.

SIM card swapping is more sinister than just using your number, though. Hackers can receive two-factor authentication (2FA) codes intended for you and subsequently gain access to your online accounts.

Malware is another way that someone can hack an eSIM. Cybercriminals can try to make you download malicious software in many ways, such as sending suspicious links via SMS. For this reason, it’s incredibly important that you learn how to spot smishing texts.

How I Keep My eSIM Safe

To keep myself safe from hackers, I have taken multiple steps to protect my eSIM. I made some adjustments in my phone settings, while others involve maintaining good online hygiene.

1. Turning On My VPN

I always try to keep my VPN switched on when using the internet on my device. By doing this, I mask my IP address and make it more difficult for hackers to track my online activity. I use the same tool on tablets with cellular plans, too, along with installing VPNs on non-computer devices elsewhere.

Turning on a VPN is especially important on the rare occasions that I use public Wi-Fi. Since these are unsecured, it would be easy for people with malicious intentions to see what I’m doing without this feature.

While I use ExpressVPN, there are plenty of other great alternatives. For example, I really like NordVPN and Proton VPN. Before picking one, I learned the difference between a good and a bad VPN so that I could make the right choice.

2. Ignoring Phishing Emails and Messages

Phishing emails and text messages are among the most common ways hackers can cause harm to my eSIM. Thankfully, though, stopping these malicious messages from resulting in a SIM hack is very easy.

I now always ignore phishing emails and SMS messages. Doing so is simple because I learned about the most common phishing red flags. For example, they often include incorrect spelling and grammar, along with the ability to reply to the text. My postal service doesn’t let me do this, but phishing messages always do (and they come from an unknown number).

By understanding the biggest signs, I can even spot AI phishing attacks and stop them from causing damage. Moreover, I learned about the most common types of phishing attacks to look out for.

3. Being Careful When Downloading Apps

Since I’m based in the EU, I now have the option to download third-party apps on my iPhone. But despite having this option, I still refrain from doing so. The risk isn’t worth the reward, as there are many dangers of third-party app stores. I’ve hardly found any programs worth using anyway, which has made it easier to avoid.

While the App Store is generally good at not allowing malicious apps, it’s not perfect. As a result, I take extra precautions to ensure that I only download safe apps. First and foremost, I always check the reviews for tools I don’t know much about. It’s a similar story for Android users: you must be extremely careful when sideloading apps.

Importantly, I try to limit the number of unknown apps I download. Most of the time, I only use tools I’m already familiar with (e.g., Spotify and Asana). Besides reducing the risk of an eSIM hack, I declutter my computer as a byproduct.

4. Turning on the “SIM PIN” Feature on My iPhone

In addition to practising good general digital hygiene, I make the most of protective features available on my phone. Turning on the SIM PIN feature is the simplest way to add an extra layer of protection to my eSIM.

To turn on this tool, I went to my iPhone’s Settings app:

  1. Navigate to Settings > Cellular.
  2. Select SIM PIN.
  3. Toggle SIM PIN on and enter a PIN code on the next window.

As per our sister site, Android Police, Android devices also have a SIM lock feature that delivers a similar level of security.

While eSIMs are safer than a physical SIM card in many cases, switching on this feature gives me extra reassurance.

5. Protecting My Account With My Network Provider

Setting a PIN code for my eSIM keeps my device safe from unauthorized use, but I don’t stop there. One of the best ways I keep everything in check away from my device is to protect my account with my network provider.

I’ve taken multiple steps to secure my network provider account. First, I use two-factor authentication (2FA). Even if someone guessed my password correctly, they still wouldn’t be able to access my account.

As another layer of protection, I’ve also enabled login via a digital ID tool. I use this tool to access multiple public services in my country, and it’s great for protecting my account. I either need to scan a QR code or verify via an extra app before accessing my account.

6. Not Using SMS for 2FA

I don’t recommend using SMS for 2FA for multiple reasons. In the past, I’ve had issues where I didn’t receive the code, but frankly, that was the least of my concerns. If I used SMS 2FA with an eSIM, and a hacker successfully swapped my SIM card, I’d then leave myself open for further attacks.

I typically use an authenticator app for multi-factor authentication (MFA) now. Google Authenticator is my favorite as it’s easy to set up, but Microsoft Authenticator is another good choice.

7. Limiting My Public Wi-Fi Use

As a general rule, I try to avoid using public Wi-Fi unless it’s absolutely necessary. The risks aren’t worth the trade-off, and most of the time, I don’t need to access the internet when these networks are available. It’s a force of habit more than anything else.

I only let myself use public Wi-Fi if I’m in a foreign country and need to look for directions. Since I now have a data plan that lets me access the internet in over 50 countries, this isn’t necessary for me on most trips anyway.

Not using unsecured public Wi-Fi means that hackers cannot see my online data, which helps keep my eSIM safe from attacks. If I really needed public Wi-Fi, it’s better to ask the staff and see if they’ll let me use a secured network first.

8. Limiting Where I Use My Phone Number Online

I try to avoid using my phone number online wherever possible. I have never given people I work with my number, as to be honest, I don’t need to be available all the time (nor do I want to). However, even when setting up online accounts, I avoid using my mobile number whenever possible.

I use my phone number for account recovery; it helps me get back into my account if I forget my email address or password. Other than that, I use my number to track online orders. However, I’ll never add it to a profile just because.

Since I don’t have my phone number readily accessible, it’s harder for hackers to attempt to swap my eSIM or use my contact details for malicious purposes.
