SIM swap fraud: how to avoid being a victim

Written by
Charlotte Hall

Updated 5th September 2016

If you're anything like us, you probably don't think twice about managing your finances on your mobile. In fact, research by the BBA found that mobile banking is now the most popular method of banking across the UK, with a whopping 22.9m apps downloaded last year alone.

While the benefits of these apps are undeniable, you may be unaware that they also put you at risk of a new and emerging scam sweeping the UK - SIM swap fraud.

Your mobile banking is linked up with your mobile phone number, enabling scammers to hack into your account by cancelling and re-activating your SIM card. The first victims know about it is when their mobile phone stops working, and by then it's often too late.


So how does it work?

It's a complex process that starts with scammers obtaining your bank details either through a phishing email or by purchasing them from organised crime networks. They then use this information, along with your personal details (usually sourced from social media), to open up a parallel account with the same bank under your name and help with any potential security questions.

With these in hand, they can then call your mobile phone provider (established from your bank statement) posing as yourself and report the phone as missing or damaged. If they're lucky enough to pass the security checks, the old SIM will be cancelled and a new one activated – which they can then use in their own phone.

The fraudster now has access to your mobile account and all of your calls and texts are routed to their phone, including one-time passwords for banking transactions.

By re-setting passwords, they can now take control of your bank account transfer funds from your current account to the new account they set up earlier. Meanwhile, you're still wondering why your phone has stopped working!

A photo by Jonathan Velasquez.

How to protect yourself?

To reduce the chances of becoming a victim, you should keep your personal details as secure as possible. We recommend you follow these simple steps:

  • Keep personal details such as your date of birth, school, address and phone number off social media and ensure your security settings are set to maximum privacy. This will make it much harder for scammers to impersonate you.

  • Never open, respond to or forward emails that look suspicious, or enter your details into an email link.

  • Keep your computer software up-to-date. Your bank may also offer free security software, so be sure to ask about this.

  • If you notice that you are longer receiving calls or texts on your mobile phone, immediately enquire about it with your mobile operator.

  • Always use complicated passwords and do not use the same password for multiple accounts.

And remember, if the worst does happen and you're facing the repercussions of a cyber-attack or fraud, your final line of defence is a watertight and specialist cyber insurance policy. Find out more here.

Share this article

Related Posts

23rd May 2019
1  minute read

Why is cybersecurity important?

Investing in cybersecurity technology, processes and training is vital for a small business. Here's why.

15th May 2019
1  minute read

25 cybersecurity resources you need to see

Here are 25 of the best cybersecurity resources out there to stay up to date with the rapidly growing area.

1st May 2019
1  minute read

Startup marketing - five essential strategies for growth

There are certain strategies that are particularly well-suited to startups - make sure you know what they are.