Cyber security experts are warning consumers to be vigilant amid a dramatic rise in Sim-swap fraud.
Sim-swapping involves thieves cloning a mobile phone number and assigning it to a new Sim card, through which they can access online bank accounts, messages and calls.
Fraudsters comb social media for phone numbers and personal information, including pets' or children's names, favourite sports teams and birthdates, to try to discern passwords to accounts.
Reports of Sim-swapping rose 400 per cent between 2015 and 2020, while victims were conned out of £483,000 during the first six months of 2020 alone, with the total known amount lost to the scam passing £10m the same year.
Dmitry Bestuzhev, a director of research and analysis at cybersecurity company Kaspersky, warned against sharing sensitive information, including bank account numbers or statements, over Meta-owned messaging app WhatsApp following a rise in its use to distribute phishing and ransomware scams.
“It is important to understand that WhatsApp is not a secure platform, although many people think it is. The best thing to do is to not share delicate information,” he told Spanish newspaper El Pais.
WhatsApp has been contacted for comment.
David Emm, principal security researcher at Kaspersky, said that the rising popularity of mobile phone payments had led to cybercriminals using Sim-swap fraud to obtain access to two-factor authorisation codes sent via mobile.
“The criminals obtain a victim’s personal information – bank details, address, etc – by trawling through social networks or by obtaining stolen data,” he told i.
“They then use this to masquerade as the victim and request a SIM-swap and to change personal information.”
While consumers should be alert to the danger of Sim-swap fraud, mobile providers and banks should also take steps to reduce the likelihood of it happening, he said.
“Networks should obtain proper authorisation for Sim-swaps and other changes to services. This could include biometric checks to make sure only account holders can access the account (e.g. voice authorisation).
“They should also alert customers by SMS if there has been a Sim-swap request, as well as flagging to banks when there’s been a swap request and to disable financial transactions for 48 hours, as is done in Brazil and Mozambique.”
Action Fraud, the UK’s reporting centre for fraud and cyber crime, advises against opening files or clicking links sent by unknown sources, and recommends creating complicated passwords that don’t include easily guessed personal information.
Losing the ability to make calls or send texts, receiving a notification alerting you to the fact your phone number or SIM card has been activated elsewhere, or realising you’re locked out of an account are all warning signs of a Sim-swap scam, according to NatWest.
“Don’t respond to fake emails, text or phone calls. These are ways that fraudsters use to gather personal information about you,” the bank has warned.
“If your phone suddenly stops working then inform both your bank and mobile network.”
Jack Dorsey, Twitter’s former chief executive, and campaigner Jack Monroe are among the highest profile victims of the scam, after fraudsters took over their phones, Twitter profiles and bank account.
All rights reserved. © 2021 Associated Newspapers Limited.