With smartphones providing a gateway to our financial data they are becoming a prime target for fraudsters. SIM-swapping fraud occurs when someone takes control of your mobile phone number and uses it to gain access to your apps and banking.
This article addresses the following issues:
In March 2020 a press release from Europol announced that it had been involved in two separate operations investigating SIM-swapping fraud.
In “Operation Quinientos Dusim” 12 arrests were made of criminals who were believed to be part of a hacking ring who had stolen over 3 million euros in a series of SIM-swapping attacks. It is understood that the individuals were from across a variety of countries from Colombia to Romania and had struck over 100 times stealing from between 6,000 – 137,000 euros per attack. This was all done in a very short period of time, typically 1-2 hours which is barely enough time for the victim to realise there is something awry.
Further “Operation Smart Cash” led to arrests of 14 members of a criminal gang who emptied bank accounts in Austria by gaining control of their victims phone numbers and withdrawing money from cash machines using an authentication code sent to the phone. It is estimated that they managed to steal over half a million euros.
It is clear that this type of fraud is on the increase and in the UK reports to Action Fraud of SIM-swapping have increased by 400% since 2015.
SIM-swapping is when fraudsters gain access to your mobile phone number and use it to gain access to personal data and accounts.
If you access your bank accounts through text based two-factor identification you could be at risk. Two factor text based authentication means that you enter your bank account by inputting your username and password and your bank then sends an access code to your phone to allow you to complete your log-in.
Firstly, the fraudster will start by gathering personal information about the victim. This can be through any number of ways such as phishing emails, buying them on the dark web, attacking your device with malware or direct interaction. Simply put, it starts with identity theft. It is worth noting that in some cases SIM numbers can be changed directly by your provider through a bribed employee.
Once the scammer has enough information to pose as you they will contact your network provider and ask for your number to be switched to a new SIM in their possession or a request a PAC code to allow them to change the number to a new network. The result for you will mean a sudden loss of network coverage with no explanation and the fraudster will then receive all your calls and SMS messages.
Thereafter the fraudster will then use the stolen credentials to log in to your financial accounts and then validate any transactions that they undertake with the password sent by the bank to the mobile phone. In addition, where there are websites that use your phone number to reset passwords access can easily be gained. Amazon is one such website.
You should report the situation to your service provider and your bank immediately. Even if no transactions have been made an alert can be placed on the account and passwords and authentication processes changed.
If you think you may have been a victim of fraud then please do not hesitate to get in touch at email@example.com.