SIM swap card fraud

SIM Swap Fraud - Everything You Need To Know

Rachel Carr Written by Rachel Carr
Last updated on June 29, 2021

Recently, Katherine was notified by her network provider that her SIM was being ported. She thought it odd, but ignored it, thinking it must have been made in error. In the next 48 hours, she noticed huge sums being spent via an online transfer from her bank accounts. She had been a victim of SIM swap fraud, a fast-growing criminal act.

SIM swap fraud is a criminal offense affecting increasing numbers of mobile phone users. It has touched the lives of all different types of people, with even celebrities finding themselves victims. It is thought that in 2020 alone, one criminal gang managed to swipe more than $100million from U.S. celebrities and their families. In the UK, since 2015, more than £10million has been taken from the accounts of UK consumers.

Given the vast sums of money at stake, we look at what exactly SIM swapping is, how do SIM swap scams work, and how to prevent SIM swapping.

In This Article

What is SIM swapping?

SIM swapping is when a fraudster ascertains a person’s information including their phone number. They then contact the person’s mobile network provider and request for the number to be transferred, or ported, to another SIM card and device. Crucially that device is controlled by the fraudster. If successful, from that port on, the fraudster then receives all incoming calls and texts intended for their victim.

It means that fraudsters can then intercept any two-factor authentication processes that are linked to a phone number. So, along with other personally sensitive financial data they have managed to attain, they can access bank accounts when used alongside any passcodes sent to a victim’s number.

How is a SIM swap scam done?

SIM swap scams are a part of a long-term strategy by fraudsters. It is long-term as they will often have to spend a while building up a picture of you and many pieces of your sensitive personal data. They either ascertain that data from social media or by buying it on the dark web. That personal data is what they use to bypass security when contacting your network provider, asking for a SIM swap or a PAC request.

On the whole, networks do have robust enough procedures in place that even with your sensitive information it is difficult to request a SIM port fraudulently. In fact, even if you were to go into a network provider’s shop to ask for a SIM port transfer legitimately, you would need to take a photo ID. However, on the phone, a fraudster may get lucky with a little bit of persistence and finding a network provider employee who does not follow a company’s security procedure to the letter.

In short, a fraudster uses the sensitive information they know about their victim to impersonate them. They then can successfully transfer the victim’s mobile number to their own SIM and have control over all future communication.

How to prevent SIM swapping?

There are a number of actions we can all take to help prevent ourselves from becoming a victim of SIM swapping. Firstly, make sure your mobile account is only accessible by you alone. Your mobile account with your network provider needs to have a password that only you know. Try to create the perfect password that is totally unique to you and hard to guess. Additionally, you can improve your protection on mobile accounts by providing only answers you know to their security questions. If needs be, give totally uncorrelated answers to questions that you remember, but no one can guess either.

Secondly, make sure that your social media profiles do not give away too much information that can be used by fraudsters. Currently, social media profiles are an easy way for fraudsters to get to know bits of information about you. Make sure you do not advertise any sensitive information like your birthday for example, or your mother’s maiden name. When looking across a number of different social media platforms, fraudsters can start to build up a big picture of you with lots of information to help get through any security issues with banks or other services.

Thirdly, one thing we can all benefit from is to be on the lookout for phishing scams. Phishing scams are, sadly, becoming increasingly more professional-looking, making them harder to spot. However, make sure you are never a victim of a phishing attempt by only ever giving out information that you know is to a genuine organization.

Next, simply know what an unauthorized SIM swap looks like. An unauthorized SIM swap will often mean you receive unsolicited messages about your SIM being transferred or about a PAC request. You will also lose phone signal suddenly. If you spot any of these signs, you need to call your network provider. If they confirm that your phone number has been ported without your consent, you need to call your bank to freeze your accounts. Doing so will mean that the fraudster cannot make any expenditure on your behalf. The same is the case with credit cards.

Finally, many of us will have our mobile numbers connected with websites for a password reset. If possible, try to use apps that are linked to an actual device as opposed to a phone number. It means fraudsters are less capable of accessing every single account you have online, which may hold sensitive information on you. This is even more so the case if you protect your mobile as best possible too.

What to do if you are a victim of SIM swapping

If it is too late to prevent the attack, you need to contact your phone network on someone else’s phone as soon as possible. Additionally, you need to call all your banks and financial institutions with whom you have an account or card. Ask them to reset any passwords on your account. You will need to start their claim back procedure with them should any fraudulent transactions already have taken place.

It can be beneficial to change your passwords for other accounts – however incongruous you think they are – too. By keeping them the same, the fraudster can hack into your online accounts and continue to glean sensitive information about you that they may find useful in the future.

Ultimately, you must call your network provider as soon as possible to recover your access to your phone. Doing so minimizes the time a fraudster has to make any purchases with your information.

How to stop SIM swap fraud

Given what is at stake if you suffer from a SIM swap attack, it is good to learn how to stop SIM swap fraud in the first place. Here is a checklist to help prevent SIM swap attacks on you and your household in the future.

  1. Secure your mobile account
  2. Look at your social media profiles
  3. Learn to recognize phishing
  4. Know what an unauthorized SIM swap looks like
  5. Call your banks
  6. Try to use 2-factor authentication apps

SIM swap attack FAQs

? ? Is SIM swap a form of social engineering attack?
Arguably, yes. A SIM swap is often successful if a fraudster has managed to build up a picture of you through your social media profiles. In doing so, they have ascertained enough information on you that they can answer a whole host of security questions about you correctly.
? ? Do cybersecurity insurances usually cover SIM swapping scams?
As with any insurance policy, what it covers you for is in the fine print of the policy you finally purchase. For the most part, you would think that cybersecurity insurances do usually cover SIM swapping scams. But that is by no means a given. Check your policy covers you for this before purchasing.
? ? What are mobile networks doing to prevent SIM swap fraud?
Mobile networks are trying increasingly to work together to prevent SIM swap fraud. Many now require enhanced checks for anyone trying to get hold of someone else’s phone number. For the most part, many of the processes that phone networks have in place are already highly effective. But persistent fraudsters will keep going until they find one weak link in the chain.
? ? How to secure any financial data from being hacked via SIM swap fraud
It is possible to secure financial data from being hacked via SIM swap fraud by alerting your banks as soon as possible if you believe you have been a victim of a SIM swap. However, there is more that could be done. In Mozambique, for example, mobile networks now inform banks when mobile phone numbers have recently been ported. Banks there can then stop any transactions that occur within 48 hours of the port.

What is a SIM swap scam – Key takeaways

The frequency of SIM swap scams is increasing as more and more fraudsters become more intelligent as to how to work the system. However, there is so much that you can do on an individual level that will help protect you from any unauthorized SIM swap fraud. Simply by knowing how it occurs and what the signs are for it, you are helping prevent yourself from becoming a victim. By then knowing what to do when you see those signs, you should be able to minimize, if not eradicate, any risk you have of fraudulent financial transactions being carried out in your name.

Article comments