SIM swap fraud: how to avoid being a victim
Updated 5th September 2016
If you're anything like us, you probably don't think twice about managing your finances on your mobile. In fact, research by the BBA found that mobile banking is now the most popular method of banking across the UK, with a whopping 22.9m apps downloaded last year alone.
While the benefits of these apps are undeniable, you may be unaware that they also put you at risk of a new and emerging scam sweeping the UK - SIM swap fraud.
Your mobile banking is linked up with your mobile phone number, enabling scammers to hack into your account by cancelling and re-activating your SIM card. The first victims know about it is when their mobile phone stops working, and by then it's often too late.
So how does it work?
It's a complex process that starts with scammers obtaining your bank details either through a phishing email or by purchasing them from organised crime networks. They then use this information, along with your personal details (usually sourced from social media), to open up a parallel account with the same bank under your name and help with any potential security questions.
With these in hand, they can then call your mobile phone provider (established from your bank statement) posing as yourself and report the phone as missing or damaged. If they're lucky enough to pass the security checks, the old SIM will be cancelled and a new one activated – which they can then use in their own phone.
The fraudster now has access to your mobile account and all of your calls and texts are routed to their phone, including one-time passwords for banking transactions.
By re-setting passwords, they can now take control of your bank account transfer funds from your current account to the new account they set up earlier. Meanwhile, you're still wondering why your phone has stopped working!
How to protect yourself?
To reduce the chances of becoming a victim, you should keep your personal details as secure as possible. We recommend you follow these simple steps:
Keep personal details such as your date of birth, school, address and phone number off social media and ensure your security settings are set to maximum privacy. This will make it much harder for scammers to impersonate you.
Never open, respond to or forward emails that look suspicious, or enter your details into an email link.
Keep your computer software up-to-date. Your bank may also offer free security software, so be sure to ask about this.
If you notice that you are longer receiving calls or texts on your mobile phone, immediately enquire about it with your mobile operator.
Always use complicated passwords and do not use the same password for multiple accounts.
And remember, if the worst does happen and you're facing the repercussions of a cyber-attack or fraud, your final line of defence is a watertight and specialist cyber insurance policy. Find out more here.
Why is cybersecurity important?
To prevent your business from being a victim of third-party cyber attacks, there is a number of things you can do. Don't follow the wrong example - get your business covered.
25 cybersecurity resources you need to see
Here are 25 of the best cybersecurity resources out there to stay up to date with the rapidly growing area.