Cell phone customers have been warned about a lot of different pitfalls when it comes to protecting their privacy and their data.

Using a passcode to lock your phone, logging out of sensitive apps and making sure you’re only downloading vetted content are still important ways to avoid a lot of common threats. Recently, word got out about the danger from phone number porting (when a scammer convinces a cellular provider employee to move your phone number to a new handset) and consumers have been warned to be vigilant about any unusual activity with their phones as a result.

Now, there’s a new threat: SIM swapping. Your SIM card (Subscriber Identification Module), the tiny little microchip that tells your phone what number it responds to and what information it contains, is transferable to another phone. That’s how you can upgrade to a new phone or  buy another phone if yours is damaged, while still keeping your phone number, photos, music downloads and more. But much like phone number porting, SIM porting is easy to do if you can convince a cellular employee to do it.

This new hacking threat came to light when an Instagram user began receiving notifications about his account. He checked his phone and didn’t notice anything out of the ordinary, but later realized he was using it on his home Wi-Fi connection (not cellular…smartphones will work as mini tablets even without mobile plans as long as they’re connected to Wi-Fi). Only after he was locked out of his Instagram account and Snapchat account did he realize there was a serious problem.

After checking with his provider, he learned that his SIM card information transferred to a new SIM card and inserted into a different handset. It’s not certain yet if the cellular employee did this maliciously or was truly unaware that the person who attempted it was not the account holder.

Of course, there’s more to the story: the person who did this didn’t want the victim’s personal information, email account or mobile wallet. They simply wanted to take over that individual’s social media accounts so they could have the username. Again, it’s not certain what the person planned to do with that username once they took control of it since loading any Instagram images themselves would have implicated them, but that is the only thing the thief did with the access to the phone.

This incident and others like it should serve as a warning about taking strange activity seriously. It doesn’t matter if it’s a weird charge on your credit card statement, notification from a company you do business with, a strange message on Facebook that indicates someone has broken into your account or a medical bill for the care you didn’t receive. If you learn that something unusual has occurred, it could be a sign of a much bigger problem. Take immediate action by contacting the entity directly and find out just how far the suspicious activity goes.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.