SIM Swap Fraud - Everything You Need To Know
Recently, Katherine was notified by her network provider that her SIM was being ported. She thought it odd, but ignored it, thinking it must have been made in error. In the next 48 hours, she noticed huge sums being spent via an online transfer from her bank accounts. She had been a victim of SIM swap fraud, a fast-growing criminal act.
SIM swap fraud is a criminal offense affecting increasing numbers of mobile phone users. It has touched the lives of all different types of people, with even celebrities finding themselves victims. It is thought that in 2020 alone, one criminal gang managed to swipe more than $100million from U.S. celebrities and their families. In the UK, since 2015, more than £10million has been taken from the accounts of UK consumers.
Given the vast sums of money at stake, we look at what exactly SIM swapping is, how do SIM swap scams work, and how to prevent SIM swapping.
What is SIM swapping?
SIM swapping is when a fraudster ascertains a person’s information including their phone number. They then contact the person’s mobile network provider and request for the number to be transferred, or ported, to another SIM card and device. Crucially that device is controlled by the fraudster. If successful, from that port on, the fraudster then receives all incoming calls and texts intended for their victim.
It means that fraudsters can then intercept any two-factor authentication processes that are linked to a phone number. So, along with other personally sensitive financial data they have managed to attain, they can access bank accounts when used alongside any passcodes sent to a victim’s number.
How is a SIM swap scam done?
SIM swap scams are a part of a long-term strategy by fraudsters. It is long-term as they will often have to spend a while building up a picture of you and many pieces of your sensitive personal data. They either ascertain that data from social media or by buying it on the dark web. That personal data is what they use to bypass security when contacting your network provider, asking for a SIM swap or a PAC request.
On the whole, networks do have robust enough procedures in place that even with your sensitive information it is difficult to request a SIM port fraudulently. In fact, even if you were to go into a network provider’s shop to ask for a SIM port transfer legitimately, you would need to take a photo ID. However, on the phone, a fraudster may get lucky with a little bit of persistence and finding a network provider employee who does not follow a company’s security procedure to the letter.
In short, a fraudster uses the sensitive information they know about their victim to impersonate them. They then can successfully transfer the victim’s mobile number to their own SIM and have control over all future communication.
How to prevent SIM swapping?
There are a number of actions we can all take to help prevent ourselves from becoming a victim of SIM swapping. Firstly, make sure your mobile account is only accessible by you alone. Your mobile account with your network provider needs to have a password that only you know. Try to create the perfect password that is totally unique to you and hard to guess. Additionally, you can improve your protection on mobile accounts by providing only answers you know to their security questions. If needs be, give totally uncorrelated answers to questions that you remember, but no one can guess either.
Secondly, make sure that your social media profiles do not give away too much information that can be used by fraudsters. Currently, social media profiles are an easy way for fraudsters to get to know bits of information about you. Make sure you do not advertise any sensitive information like your birthday for example, or your mother’s maiden name. When looking across a number of different social media platforms, fraudsters can start to build up a big picture of you with lots of information to help get through any security issues with banks or other services.
Thirdly, one thing we can all benefit from is to be on the lookout for phishing scams. Phishing scams are, sadly, becoming increasingly more professional-looking, making them harder to spot. However, make sure you are never a victim of a phishing attempt by only ever giving out information that you know is to a genuine organization.
Next, simply know what an unauthorized SIM swap looks like. An unauthorized SIM swap will often mean you receive unsolicited messages about your SIM being transferred or about a PAC request. You will also lose phone signal suddenly. If you spot any of these signs, you need to call your network provider. If they confirm that your phone number has been ported without your consent, you need to call your bank to freeze your accounts. Doing so will mean that the fraudster cannot make any expenditure on your behalf. The same is the case with credit cards.
Finally, many of us will have our mobile numbers connected with websites for a password reset. If possible, try to use apps that are linked to an actual device as opposed to a phone number. It means fraudsters are less capable of accessing every single account you have online, which may hold sensitive information on you. This is even more so the case if you protect your mobile as best possible too.
What to do if you are a victim of SIM swapping
If it is too late to prevent the attack, you need to contact your phone network on someone else’s phone as soon as possible. Additionally, you need to call all your banks and financial institutions with whom you have an account or card. Ask them to reset any passwords on your account. You will need to start their claim back procedure with them should any fraudulent transactions already have taken place.
It can be beneficial to change your passwords for other accounts – however incongruous you think they are – too. By keeping them the same, the fraudster can hack into your online accounts and continue to glean sensitive information about you that they may find useful in the future.
Ultimately, you must call your network provider as soon as possible to recover your access to your phone. Doing so minimizes the time a fraudster has to make any purchases with your information.
How to stop SIM swap fraud
Given what is at stake if you suffer from a SIM swap attack, it is good to learn how to stop SIM swap fraud in the first place. Here is a checklist to help prevent SIM swap attacks on you and your household in the future.
- Secure your mobile account
- Look at your social media profiles
- Learn to recognize phishing
- Know what an unauthorized SIM swap looks like
- Call your banks
- Try to use 2-factor authentication apps
SIM swap attack FAQs
What is a SIM swap scam – Key takeaways
The frequency of SIM swap scams is increasing as more and more fraudsters become more intelligent as to how to work the system. However, there is so much that you can do on an individual level that will help protect you from any unauthorized SIM swap fraud. Simply by knowing how it occurs and what the signs are for it, you are helping prevent yourself from becoming a victim. By then knowing what to do when you see those signs, you should be able to minimize, if not eradicate, any risk you have of fraudulent financial transactions being carried out in your name.