Chinenye Anuforo [email protected]
A recently published study has showed how easy it is for hackers and fraudsters to take control of your phone number, potentially leading to thousands of fraud. The practice of SIM swapping is becoming more common, and despite telecom companies putting safeguards in place, it’s scary how quickly hackers are able to take over a phone number.
The SIM card inside your phone is a small plastic chip that tells your device, which cellular network to connect to, and which phone number to use. We rarely ever think about SIM cards, except maybe when we get a new phone.
But here’s the problem, hackers know that SIM cards are a fairly easy access point when it comes to taking over someone’s phone number, and in turn gain access to their online accounts.
Phone number theft is something most don’t think is even possible, but it’s all too easy for hackers to do, giving them the keys to take over your online accounts.
In today’s mobile-centric world, using mobile phones for Internet banking is standard practice for most people, but do customers know they could be at risk of SIM swap fraud, where scammers cancel and re-activate new SIM cards to hack into bank accounts. This is reportedly on the rise.
What exactly is SIM swap?
SIM swap is a type of phishing fraud that poses a serious threat to customer and bank security. The fraudster obtains an individual’s banking details through phishing techniques or by purchasing these from organised crime networks.
How does it work?
As the name suggests, this scam aims to transfer your phone number onto a fresh SIM. The process is simple in itself but involves several steps. Here’s what to watch out for:
According to the National Fraud Intelligence Bureau, the SIM splitter’s first step is to access your personal information. This can be achieved through bank statements, as well as increasingly through scouring social media profiles.
The hacker then obtains a blank SIM card and rings your mobile phone operator. With your personal information in hand, they pass the security checks and report your phone stolen.
At this point your SIM is blocked and the hacker activates the ‘new’ one.
While the victim is left with no service, the hacker is able to access all texts and calls, including the unique code which the bank sends to access their online system. The perpetrator has free rein over your account and can transfer your funds wherever they wish.
Signs of SIM swap fraud
It’s tough to detect SIM card fraud before it happens. Most victims discover they’ve been compromised when they try to place a call or text. Once the perpetrators deactivate a SIM, messages and calls won’t go through. But some banks and carriers have instituted protections that prevent SIM swap fraud before it happens.
“There are multiple organizational and technical ways to combat SIM fraud from introducing user alerting and additional checks for SIM reissuing to sharing knowledge of SIM swap activity between banks and phone companies,” analysts said.
Banks are aware of SIM splitting and have since taken steps to secure their infrastructure.
But, as with most scams, it is possible to reduce the chance that you’ll become a victim.
Safeguarding your information and your device
For the scam to be successful, hackers need access to personal information. According to the National Fraud and Cyber Crime Reporting Centre, this is usually achieved through purchasing a victim’s details from organised crime networks, which harvest your information via Trojan malware, and by scraping it from the public domain (social media). Your best defence is to defend these potential access routes through:
•Ensuring that all your devices have adequate firewall/anti-virus
protection. There are a number of efficient, free options.
•Only downloading programmes, apps and information from known and trusted sources. Hackers will attempt to trick you into downloading their phishing software.
•Before entering your bank details ensure that the site is what it says it is. Scammers will create duplicate sites to steal your information. A site’s details are usually accessed via the padlock on the browser bar.
•Keeping personal information which may be used to answer security questions off social media (e.g. birth date, first pet, first school).
•Using strong passwords. A strong password is around twelve characters and need not be a string of letters and numbers.