In today’s mobile-centric world, using mobile phones for Internet banking is standard practice for most people, but do customers know their cellphone could provide a way for cybercriminals to access their financial accounts? They could be at risk of SIM swap fraud, where scammers cancel and re-activate new SIM cards to hack into bank accounts. This is reportedly on the rise.
What is SIM swap fraud?
SIM swap fraud is a type of identity theft that exploits the SIM system’s biggest vulnerability: Platform agnosticism.
Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims that have been specifically targeted through “social engineering.”
How does it work?
As the name suggests, this scam aims to transfer your phone number onto a fresh SIM. The process is simple in itself but involves several steps. Here’s what to watch out for:
According to the National Fraud Intelligence Bureau, the SIM splitter’s first step is to access your personal information. This can be achieved through bank statements, as well as increasingly through scouring social media profiles.
The hacker then obtains a blank SIM card and rings your mobile phone operator. With your personal information in hand, they pass the security checks and report your phone stolen.
At this point, your SIM is blocked and the hacker activates the ‘new’ one.
While the victim is left with no service, the hacker is able to access all texts and calls, including the unique code, which the bank sends to access their online system. The perpetrator has free rein over your account and can transfer your funds wherever they wish.
Signs of SIM swap fraud
It’s tough to detect SIM card fraud before it happens. Most victims discover they’ve been compromised when they try to place a call or text. Once the perpetrators deactivate a SIM, messages and calls won’t go through. But some banks and carriers have instituted protections that prevent SIM swap fraud before it happens.
“There are multiple organisational and technical ways to combat SIM fraud from introducing user alerting and additional checks for SIM reissuing to sharing knowledge of SIM swap activity between banks and phone companies,” analysts said.
Banks are aware of SIM splitting and have since taken steps to secure their infrastructure.
But, as with most scams, it is possible to reduce the chance that you’ll become a victim.
Safeguarding your information and your device
For the scam to be successful, hackers need access to personal information. According to the National Fraud and Cyber Crime Reporting Centre, this is usually achieved through purchasing a victim’s details from organised crime networks, which harvest your information via Trojan malware, and by scraping it from the public domain (social media). Your best defence is to defend these potential access routes through:
– Ensuring that all your devices have adequate firewall/anti-virus protection. There are a number of efficient, free options.
– Only downloading programmes, apps and information from known and trusted sources. Hackers will attempt to trick you into downloading their phishing software.
– Before entering your bank details ensure that the site is what it says it is. Scammers will create duplicate sites to steal your information. A site’s details are usually accessed via the padlock on the browser bar.
– Keeping personal information which may be used to answer security questions off social media (e.g. birth date, first pet, first school).
– Using strong passwords. A strong password is around 12 characters and need not be a string of letters and numbers.
So, while you might have a whole host of defences guarding your computer, don’t neglect to protect your mobile as well. If you’ve got personal data on your phone then it’s just another opportunity for hackers to break in and swipe your data, especially as they know it’s something people often overlook. Take the same precautions you would with any other electric device that holds personal information and keep an eye out for any suspicious activity.