How to guard yourself against SIM swap fraud
Updated 18th January 2017
It's remarkable that nowadays we can walk around with what is in essence a supercomputer in our pockets. Capable of countless tasks, for many of us going without a smartphone is like losing a limb. Giving us unlimited knowledge and features just a few taps away, it comes as no surprise that hackers are now moving in on our mobile phones.
Since 2015, a new form of hacking has emerged aimed at SIM cards. Known as 'SIM Splitting', this hack is part of a wider fraud operation that seeks to acquire bundles of personal information for nefarious purposes. Greater vigilance is needed to kerb this trend in 2017.
What is SIM swap fraud and how does it work?
As the name suggests, this scam aims to transfer your phone number onto a fresh SIM. The process is simple in itself but involves several steps. Here's what to watch out for:
According to the National Fraud Intelligence Bureau, the SIM splitter's first step is to access your personal information. This can be achieved through bank statements, as well as increasingly through scouring social media profiles.
The hacker then obtains a blank SIM card and rings your mobile phone operator. With your personal information in hand, they pass the security checks and report your phone stolen.
At this point your SIM is blocked and the hacker activates the 'new' one.
While the victim is left with no service, the hacker is able to access all texts and calls, including the unique code which the bank sends to access their online system. The perpetrator has free rein over your account and can transfer your funds wherever they wish.
Banks are aware of SIM splitting and in March last year, Natwest admitted that its systems were at risk and have since taken steps to secure its infrastructure. But, as with most scams, it's possible to reduce the chance that you'll become a victim.
Safeguarding your information and your device
For the scam to be successful, hackers need access to personal information. According to the National Fraud and Cyber Crime Reporting Centre, this is usually achieved through purchasing a victim's details from organised crime networks, which harvest your information via Trojan malware, and by scraping it from the public domain (social media). Your best defence is therefore to defend these potential access routes through:
Ensuring that all your devices have adequate firewall/anti-virus protection. There are a number of efficient, free options.
Only downloading programmes, apps and information from known and trusted sources. Hackers will attempt to trick you into downloading their phishing software.
Before entering your bank details ensure that the site is what it says it is. Scammers will create duplicate sites to steal your information. A site's details are usually accessed via the padlock on the browser bar.
Keeping personal information which may be used to answer security questions off social media (e.g. birth date, first pet, first school).
Using strong passwords. A strong password is around twelve characters and need not be a string of letters and numbers. Click here for 5 password tips for better security.
So whilst you might have a whole host of defences guarding your computer, don't neglect to protect your mobile as well. If you've got personal data on your phone then it's just another opportunity for hackers to break in and swipe your data, especially as they know it's something people often overlook. Take the same precautions you would with any other electric device that holds personal information and keep an eye out for any suspicious activity!
This is a guest post from Immervox, a business telecoms solutions provider specialising in VoIP, Mobile, Data and Cloud
The biggest cybersecurity threats of 2019
As cyber-crime becomes more common-place, all businesses – even small ones – need to be prepared.
Why is cybersecurity important?
Investing in cybersecurity technology, processes and training is vital for a small business. Here's why.