We are in a world where technology grows day by day as well as the strategies of criminals to commit fraud and keep your bank details, your time and your money; One of these new tools rests on our phones, a small card: this type of fraud is known as SIM swap. Let’s find out in this article what it is and how to prevent it.
What is SIM swapping?
The SIM swap or SIM exchange is a form of fraud that allows, in a few words, that third parties use your cell phone number to appropriate your accounts and financial data.
More generally, during a SIM swap, a SIM hijacker convinces the mobile phone operator to transfer your phone number to a new SIM card. By having access to the messages, which you are supposed to receive, scammers can easily access your accounts, breaking any foundation of confidentiality by doing verifications.
From the SIM, criminals can use the phone number to generate new passwords for existing accounts. As well as hijacking your social media accounts, retail accounts or any other account linked to the phone number, which in the end, turns out to be any account on the web.
The main objective of this type of fraud is usually financial gain, since many of the victims report theft of bank and credit card information.
How does SIM Swap work?
We highlight the following as the phases of the SIM swap, take out paper and pencil because this is how this new type of fraud works:
In the first instance, criminals will try to obtain the user’s credentials – these are usually the ones linked to online banking to maximize economic benefit. This can be done through traditional social engineering techniques such as the use of fraudulent websites, which you end up accessing through links sent to email; or through a fake mobile application that impersonates the identity of the bank.
Once the credentials are obtained, the criminals will seek to clone the victim’s SIM in order to receive the verification codes via SMS (text message). For that, cybercriminals will detect the cell phone operator (since they do not have many measures to verify your identity).
In this way, and after collecting personal information, criminals can call or go to a store of your telephone operator and ask for a duplicate SIM card. This usually happens without you as a user realizing that you were a victim until you no longer have a signal on your phone and your accounts are empty.
Once this duplicate is obtained, criminals can enter the victim’s bank account, make transfers or initiate credit applications in their name. When confirming the operation they will have no problem, since they will directly receive the authentication or confirmation messages.
How to know if you were a victim of SIM swap?
- Signal Lost: The surest test of a SIM change is if you completely lose all phone service, turn on all alerts if you get strange texts or phone calls about changes in mobile service.
- You notice something odd about your social media activity: Social media activity that isn’t yours – a new image, a strange login, a change of credentials – are all signs that your money and data have been stolen.
- Lost access: You have problems seeing information about your financial products such as credit cards or bank accounts because the credentials you had to log in do not work.
If you suspect that you have been a victim of SIM swap, get ready! Immediately contact your telephone operator, banks and other organizations that may be affected by the hijacking of your SIM card.
- What is cyberbullying and how to prevent it?
- Cyberpunk 2077 Update 1.61 Full Patch Notes
- How to Fix Blurry Texture in Cyberpunk 2077
What happens after a SIM swap attack?
SIM swapping is just the first step for scammers. However, once they are in control of your phone number, there is no limit to the amount of damage they can do. This can take the form of:
- Identity theft: The most common form of attack and, in fact, the reason many fraudsters use SIM swapping in the first place. A fraudster who controls a phone number can receive a 2FA or OTP SMS that allows them to access your accounts. This includes mobile banking, social networks or online store accounts.
- Identity Fraud: Stealing someone’s phone number is not considered identity fraud itself. But scammers often mine accounts for personal documents to steal the victim’s identity.
- Phishing: Once in control of a phone number, scammers can contact your family, friends and colleagues to collect personal information.
- Transaction fraud: If your account acts as an electronic wallet (for example, for online store credit), fraudsters will use it to buy gifts. Worse still, they could find a linked credit card number and use it for their purchases.
- CEO Fraud: Attacks in which executives and managers are impersonated by fraudsters have increased. Taking control of your phone number can help these types of schemes.
