MOBILE SIM SWAP SCAM
A Subscriber Identification Module (SIM) swap scam happens when criminals take over control of your phone by tricking your carrier into connecting your phone number to a SIM card in their possession.
These scammers basically take over control of your mobile phone’s number.
A SIM swap scam is a type of identity theft that exploits the SIM system’s biggest vulnerability.
To steal your number, scammers start by gathering as much personal information on you as they can find and then engaging in social engineering.
Mobile SIM swap scams have risen in recent years. The fraudster can take over your mobile phone number in a SIM swap scam.
Once they have access to your phone number, they have all your phone calls, text messages, and potentially access to any two-factor authentication linked to your number.
They will pose as you and convince your wireless provider to transfer your number to a new SIM card they control.
Scammers can then use this information to commit fraud, such as accessing bank accounts or credit cards.
First, the scammers call your mobile carrier, impersonating you and claiming to have lost or damaged their SIM card, which in reality is yours.
They then ask the customer service representative to activate a new SIM card in the fraudster’s possession. This ports your telephone number to the criminal’s device, which contains the scammer’s own SIM card.
Once your carrier completes this request, all phone calls and texts that are supposed to go to you will instead go to the scammer’s device.
A high proportion of banking customers now have mobile phone numbers linked with their accounts, and so this attack is becoming common in countries where it was not previously so common.
Unlike mobile malware, SIM scam attacks are usually aimed at profitable victims that have been specifically targeted through successful social engineering.
Usually, someone first becomes aware that they have fallen victim to a SIM swap scam when their phone stops working or they discover they are unable to access bank and credit card accounts.
Sometimes people may get a text message or an email prior to the swap taking place.
A SIM swap scam occurs when scammers take advantage of a weakness in two-factor authentication and verification and use your phone number to access your accounts.
This is known as SIM swap fraud, and it means scammers could potentially enter your username and password when logging onto your bank’s website.
The bank will then send a code by text, as two-factor authentication, to your smartphone number, and you have to enter that code to access your online account.
After a SIM swap, that number now goes to the smartphone or other device possessed by scammers. They can then use that code to enter your bank account.
The SIM swapping scam has become one of the emerging threats to mobile banking. Scammers leverage the thumbnail-sized card that activates a cell phone to take over the user’s identity and clean out mobile banking accounts.
Because a user’s device is a central component to enforcing security controls in online banking applications, such as sending one-time SMS passcodes as a strong authentication mechanism, most financial institutions place strict measures on how a user can register a new device.
It typically requires that the user be able to receive an SMS to the phone number of record when the account is created.
Some basic practices can help prevent SIM swapping scams, such as asking users to set their PIN on their mobile account to something less obvious than their birthday or the last four digits of their Social Security number.
Financial institutions can also switch to a two-factor authentication method that does not depend on text messaging but uses some other token for identity proofing instead.
That is where a more sophisticated approach to identity authentication can stop SIM swapping scams in their tracks. An identity authenticator that uses SIM binding, an approach that verifies both the user and the device being used, can help.
SIM binding uses a combination of SIM detection and SMS verification that validates the user’s cell phone number against the one that is registered with the financial institution or employer.
That way, only a customer using the phone number registered to that account can pair their device to an identity authenticator to conduct any transactions.
When registering with an authentication app that has SIM binding features, the user must verify their cell phone number; after that, the authentication app will deny any attempt to register an unauthorised device or phone number on that account.
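The SIM binding flow described above, sketched as an added example that is not code from the article or from any authenticator product. The class and method names, the account and device identifiers, and the phone numbers are assumptions constructed for illustration, and "SIM detection" is modelled simply as the number the app reads from the device's SIM.

```python
import hmac
import secrets


class SimBindingRegistry:
    """Toy server-side model of SIM binding (hypothetical names, not a real API)."""

    def __init__(self, numbers_on_record):
        self._on_record = dict(numbers_on_record)  # account -> number on record
        self._pending = {}  # account -> (device id, one-time SMS code)
        self._bound = {}    # account -> (device id, phone number)

    def start_registration(self, account, device_id, sim_number):
        """Step 1, SIM detection: the SIM's number must match the number on record."""
        if account in self._bound:
            return None  # already paired: deny any further device or number
        if account not in self._on_record or self._on_record[account] != sim_number:
            return None  # detected number differs from the registered one
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = (device_id, code)
        return code  # a real service would send this by SMS instead of returning it

    def confirm_registration(self, account, device_id, sms_code):
        """Step 2, SMS verification: the code must come back from the same device."""
        pending = self._pending.pop(account, None)  # single use, even on failure
        if pending is None:
            return False
        expected_device, expected_code = pending
        if device_id != expected_device or not hmac.compare_digest(sms_code, expected_code):
            return False
        self._bound[account] = (device_id, self._on_record[account])
        return True

    def authorize(self, account, device_id, sim_number):
        """Transactions are allowed only from the bound device with the bound number."""
        return self._bound.get(account) == (device_id, sim_number)


def demo():
    reg = SimBindingRegistry({"acct-1": "+15550100"})  # constructed sample data
    results = {}
    results["wrong_number"] = reg.start_registration("acct-1", "dev-B", "+15550199")
    code = reg.start_registration("acct-1", "dev-A", "+15550100")
    results["paired"] = reg.confirm_registration("acct-1", "dev-A", code)
    # After pairing, a second device presenting the same number is refused.
    results["second_device"] = reg.start_registration("acct-1", "dev-B", "+15550100")
    results["txn_bound"] = reg.authorize("acct-1", "dev-A", "+15550100")
    results["txn_other"] = reg.authorize("acct-1", "dev-B", "+15550100")
    return results
```

Once the legitimate device is paired, a number that has moved to another SIM no longer helps on its own, because the pairing is checked against the device as well as the number.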
It is very important that financial institutions get ahead of SIM abuse because it undermines one of the most reliable sources of trust and authentication they have with digital customers.
Fortunately, you as an individual can protect yourself against SIM swapping.
It is all about preventing scammers from finding out what logins and passwords you use to access your online bank or credit card accounts. And it helps, too, to look out for the most common warning signs of a SIM swap scam.
As with many frauds around bank security, there are simple ways for consumers to avoid being scammed, such as not responding to unsolicited emails, texts or phone calls.
These may allow attackers to access personal data which can then be used to convince the bank that they are you.
Avoid oversharing personal details on social networks, and avoid posting your birth date, that of children or relatives, or the name of your first pet or school, as these are all frequently used as the answers to questions that banks ask.
If your phone stops working normally, inform both your bank and your mobile phone provider.