Daily Mail

SIM CARD SCAM BANK

With terrifying ease, fraudsters could empty your bank account — just by fooling your mobile phone provider

- By Amelia Murray a.murray@dailymail.co.uk

WHEN Ryan Finnegan received a text message out of the blue from Tesco Mobile thanking him for calling its customer service department, he phoned back his provider immediatel­y.

The 37-year-old was told he could be the victim of a fraud, but was assured nothing had changed with his account.

At 6.30pm that evening, he was sent an email from TSB confirming his registrati­on to its internet banking service.

Ryan knew something was wrong, because he had opted not to bank online years before. Shortly afterwards, his mobile phone network signal disappeare­d. His wife, Anne Margaret, checked their joint account balance and discovered it had been emptied of £2,500. ‘ This was everything we had. I had no idea how we were going to feed our two children and pay the bills,’ he says.

Ryan, a civil servant from Dundee, was the victim of a socalled Sim swap scam.

This is where fraudsters trick your network provider into transferri­ng your mobile phone number on to another Sim card.

They do this to steal six- digit verificati­on codes sent by text from your bank when you try to set up new payees and transfer money online. These one-time passcodes are supposed to provide a second layer of security, known as twofactor authentica­tion — but they can be intercepte­d.

Fraudsters will already have stolen enough informatio­n to access your bank account, such as your username and password. They then find out who the victim’s network provider is — which they can do easily online — and pose as them over the phone or in store.

When you request to move your phone number to a different Sim card, providers typically ask for your name, address, date of birth and one or two security questions, according to Chris Underhill from Equiniti Cyber Security.

‘Personal informatio­n, such as names, addresses and dates of birth, can be found easily on social media and online directorie­s,’ says Mr Underhill. ‘Fraudsters can also obtain these details by tricking people over text, email or phone. Security questions can also be easy to find out.’

When Ryan reported the scam to Tesco Mobile last May, he discovered fraudsters had called the provider five times on one day trying to guess the answer to his security question — his favourite colour. ‘Why weren’t these calls flagged as suspicious?’ he says.

Ryan got his money back and, after Money Mail intervened, a £450 goodwill payment from TSB.

Some 549 cases of Sim swap scams were reported to Action Fraud, the cybercrime reporting service, in the three years to August 2018. The average loss was around £4,000. Experts say network providers must do more to verify the identity of their customers. Money Mail asked the biggest providers what informatio­n they require to swap a Sim. Vodafone says it asks a range of security questions and sends a one-time access code to your mobile phone for verificati­on. Customers can also use Vodafone’s Voice ID feature, which uses voice recognitio­n software. O2 says it sends a code to your mobile phone before a new Sim can be activated. Photo ID is needed in store. EE asks customers a number of questions to prove their identity. If the customer fails these checks by phone, they must present a photo ID in store. Tesco Mobile says it does not publicly share its security processes. A spokesman says the company has investigat­ed Ryan’s case and is satisfied that it followed procedures.

 ??  ??

Newspapers in English

Newspapers from United Kingdom