Don’t be a victim of SIM swap fraud
Published 3 October 2015
Fraudsters are now using SIM cards to gain access to your accounts – find out how to protect yourself here.
As a new and emerging scam, you’ve probably never heard of the SIM swap scam before – few outside of the banking and telecoms industry have, but that’s all the more reason to educate yourself about it. To help you get to grips with what the scam is and the warning signs you should look out for, we’ve put together this guide.
What is the scam?
Fraudsters obtain an individual’s banking details either through a phishing email they’ve sent or by purchasing these from organised crime networks. This information is then used to open up a parallel account with the same bank as the victim and under their name – some banks make fewer security checks if the account holder is already a customer.
The conman then scours the social media accounts of the victim to find information that could potentially help them answer security questions. Armed with this, they then call the victim’s mobile phone provider (established from the victim’s bank statement), posing as them and report their phone as lost or damaged. If they successfully pass the security checks, the old SIM is cancelled and a new one activated – the one that’s in the fraudster’s phone.
The fraudster is then able to have full access to the victim’s mobile account from their own phone, having the ability to intercept phone calls and receive text messages or authorisations such as those used for cash transfers. After transferring funds from the victim’s current account to the newly set up account, the fraudster can use their phone to agree to this.
Due to the sophisticated nature of this scam, most victims only know that there’s a problem when their mobile stops working and they are forced to report it to their provider.
To make sure you’re not the next victim of a scam like this, protect yourself by doing a few of the following:
• Never open or forward emails that you think might be spam or enter your details into an email link.
• Make sure you have the most up-to-date software installed on your computer (some banks offer free security software, so check their website first).
• Be strict about the type of personal information you share on social media sites, as your date of birth, first pet or school could be used to answer security questions. Make sure your security settings are set to maximum privacy too.
• Be careful about what you’re downloading especially when coming from unknown sources or ‘pop-ups’.
• Always use complicated passwords (e.g. a mixture of lower and upper case as well as numbers or symbols) and try to stay away from obvious choices such as names or date of birth. Never use the same password for more than one account either.
• If you notice that you’re not receiving calls and messages, get in contact with your bank.
You can report a fraud like this to Action Fraud online or on 0300 123 2040.