SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process. Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This is often before the victim is even aware they have been targeted.
A number of banks as well as the leading mobile network operators are beginning to tackle SIM Swap fraud, but consumer awareness of the crime has stayed relatively out of the headlines. There are a number of signs that mobile banking customers can look out for to identify if their SIM card may have been compromised, or their phone has been taken over.
- Phishing messages and suspicious communications asking for banking information
SIM Swap fraud requires the hacker to have access to a victim’s bank details. These are often obtained through an email phishing attack, unsolicited communications asking for details, or by purchasing that information from online crime gangs. You should never respond to these types of communications or send your bank details on any platform that could be read by someone else. Your bank will never ask for this information so don’t be fooled by fraudsters imitating your bank. This leads to the initial opportunity to get account access or access to a duplicate SIM card, it also could provide criminals with the answers to personal security questions.
- Extended loss of signal
Once SIM Swap fraud has occurred, it is not instantly noticeable to the victim. Extended loss of signal is the initial sign that SIM Swap fraud has taken place, as the control has been switched to a new device. Contact your mobile network provider to check if it is a widely known issue, or isolated to your device.
- Floods of calls and messages
This is a tactic that runs parallel to the extended loss of signal. Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phone off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.
- Opening links on your phone
Whether the link is sent to a victim via a phishing message or is on an unknown website, mobile phone users should be cautious when opening links on their device, and delete anything suspicious immediately. Hackers can use links that contain application packages that, if installed, will give the people behind the malware administrator rights to the victim’s device.
- Be aware of the source of any applications you download
Only download applications or make in-app purchases from approved sources or stores. To prevent suspicious applications from being installed, Android phone users can go to Settings/Security and turn the ‘Unknown Sources’ option off, which will stop the phone installing them from anywhere other than Google Play.
SMS should not be used alone to verify a customer’s identity; it should be used in conjunction with other authentication factors. Banking organisations could make use of voice recognition to verify a transaction, as well as clever background checks using mobile data – for e.g. measuring how long it takes a call to connect, suggesting a call divert is in place and therefore a potential fraud. This is why multi-factor authentication to make transactions is so important.
Find out about call centre fraud detection by visiting Alvaria Compliance