SIM swapping: A hot fraud, but you can stop it.
SIM swapping: A hot fraud, but you can stop it.
There seems to be no limit to the reach of cyber criminals. Fraudsters are inventing new ways, almost on a daily basis, to compromise the security of honest users of information technology.
SIM-swapping frauds are on the rise:
SIM swap simply mean changing mobile SIM cards. If this is done without your knowledge, then it is probably done for some fraudulent activity. Under SIM swap fraud, fraudsters get a new SIM card issued against your registered mobile number via the mobile service provider. With the help of this new SIM, they can get One Time Password (OTP) and other alerts required to carry out financial transactions through your bank account.
How did they get the personal information? They could have obtained it from data exposed in data breaches or the social networks where you publicly share your information. But what if someone is unable to get your data, email address, or credentials? It’s unlikely that they will be able to SIM swap you. That also highlights the importance of using common sense as a defence against these types of attacks.
Modus Operandi: The SIM Swap Fraud
- The fraudster obtains the victim's bank account details and registered mobile number via social engineering tactics such as phishing, vishing, smishing, etc.
- After this, he/she visits the mobile operator’s retail outlet posing as the victim with a fake ID proof to get the original SIM blocked.
- Post verification, the operator deactivates the genuine customer’s (victim’s) SIM and issues a new SIM card to the fake customer.
- Now, the fraudster can obtain OTPs with the new SIM to conduct fraudulent transactions.
Warning signs you have been SIM swapped
Here are a few warning signs that you have been SIM swapped:
- A typical sign that you are a victim is that your phone network will show no signals. You cannot make phone calls or send text messages using your mobile phone. In addition, your SIM card will not show your service provider company.
- Some wireless carrier services use client email to send notifications. For example, if your email account is not compromised yet, you will receive a notification via email. Now you know that your new SIM card has been activated even though you never requested for one.
- Another sign of SIM-swapping is you are no longer the owner of your accounts. It is because your account details were changed by the attacker.
How to prevent a SIM Swap?
- Enquire with your mobile operator if you have no network connectivity and you are not receiving any calls or SMSs for unusually long periods.
- Do not neglect messages sent from your network provider that highlight a probable SIM-Swap. Remember to respond quickly.
- Never switch off your smartphone in the event you receive numerous unknown calls. It could be a ploy to get you to turn off your phone and prevent you from noticing a tampered network connection.
- Register for instant alerts (both SMS and Emails) that inform you of any activity in your bank account.
- Check your bank statements frequently to identify irregularities.
How to protect personal information online
- Don’t fall prey to phishing scams. Phishers will often pose as legitimate organizations such as banks and other financial institutions that you may have an account with. They will try to access sensitive data like passwords, allowing them easy access to bank accounts.
- Be mindful of the personal information you share on social media. The more intimate details accessible about your life, the greater risk there is for a SIM- swapping fraud to be successful. Attackers use this data against unsuspecting victims by guessing passwords and answers to security questions like “What was my first car?” So be smart with what you post online.
- If you see a warning about visiting a website, it means the site is likely to be compromised. If this happens, try looking for information elsewhere. Do not follow any links on that page that could potentially compromise your device further.
- You can’t be too careful. It’s always better to err on the side of caution. Never download an attachment from an unknown sender or source.
Contact
For more information on how we can help you secure your data, get you compliant and protect your business, please complete the form below and one of Information security / Cyber Forensic expert and Compliance specialists will respond to you as soon as possible.