Sim swap fraud is another form of cyber fraud set to blight our enjoyment of the equipment that has for many of become part of our everyday lives. This time it’s the humble smartphone and it’s probably not exactly what you think it is. It’s not a virus, in this instance. No one is listening to your calls, reading your texts, monitoring your internet usage or eavesdropping on any of the apps you are using. It is however true that all those things could happen given the right set of circumstances, regardless of whether you are using IOS, Android or Windows. So it’s important to keep all the software updated as and when it is required.
‘Sim swap fraud’ is where a fraudster obtains a replacement sim in the targets name. The first the victim will know of a problem is when their mobile stops working, and they report it to their provider. In the meantime, their bank account may have been emptied. So how would that work, I hear you say. Surely, they will just have access to my phone account which I can easily block, which in part is true. However, in that intervening period the would-be fraudster could rack up a significant number of calls to premium rate numbers. If they were feeling particularly vindictive international calls which will just incur cost. Worrying as that all may seem it’s just about to get a lot more sinister.
Criminal gangs are targeting their victims to discover their bank details either by phishing emails or simply purchasing them on the dark web. All of which are much more easily obtained following a number of high-profile data breaches. Thankfully, there’s a quick, easy way to see if you’re at risk from the many recent data breaches and it’s free. Check out the HaveIBeenPwned? website (‘pwned’ is computer-nerd speak for ‘being defeated’; it’s pronounced ‘poned’) it allows anyone to check if their accounts have been compromised.
Once the bank account details have been established the fraudsters open a parallel bank account with the same bank in the customer’s name. This requires fewer security checks, to establish whether they are already a customer. Next, they contact the mobile service provider to initiate the sim swap claiming they have lost or damaged their sim card or perhaps changed their mobile and now need a new sim. From then on, they now control their victim’s mobile account. So now the security of two factor authentication with the mobile is rendered ineffective as far as the true owner is concerned. Allowing the fraudsters to intercept or initiate calls, texts and authorisations such as those used for cash transfers. They can also request that security settings are changed to stop the victim gaining access to their account.
Actual Sim Swap Cases