If you’ve never heard of SIM swapping, please pay attention – you’re more at risk than most.
Chances are you have a Facebook account or some form of online identity where you share your life with family and friends. Which is great, but who else are you sharing it with? And what information are you making freely available to online thieves who want to steal your identity?
Welcome to the worrying world of SIM swapping
What is SIM swapping?
Well, it’s a trick – an all too simple trick – to steal your mobile phone number and attach that number to a new SIM card. The cyber thief can then use your stolen number to gain access to your bank accounts and credit cards.
How do they do it? Easy, the thief will start by gleaning as much personal information as they can from your social media accounts. Be it a phone number, birthday, pet name or favourite sports team, they can use these to answer common security questions.
They will then attempt to con you into sharing more details via fake, yet convincing calls, emails and texts posing as your service provider or bank.
Finally, when they have all they need, they will ask your network provider to switch your number to a new SIM card in their possession. While your phone goes dead, they’re busy emptying your accounts of hard-earned cash.
Scary? You bet!
According to ‘Scamwatch’ data scammers stole almost A$10 million from Australians in February 2019 alone; a particularly bad month, but every month people just like you lose a fortune.
It’s infuriating enough when you see it happening to someone else, but what if it happens to you? If you think it never will, you’re ripe for the picking. Complacency and/or overconfidence in your cyber security are exactly what these ratbags look for.
They want you to post all your personal details on Facebook; they want you to share your world, because that’s exactly what they need to impersonate you!
Here’s a nasty true story of SIM swapping
Our victim – let’s call him Doug – got an odd text from his mobile company with a new Porting Authorisation Code (PAC) for his phone. He called and told them he hadn’t asked for a PAC and they reassured him that it wouldn’t be activated. All good? No.
Next day his phone was cut off and his credit card company emailed to say he was up to 90% of his credit limit! The SIM swap thief had stolen over $25,000 in two short days!
What are service providers doing to stop SIM swapping?
Well, they’re adding enhanced checks that probably should have been there in the first place. SIM fraudsters accumulate so much personal and financial information that it’s easy to pose as you. Perhaps enhanced checks will make their misspent lives more difficult.
What about SIM card purchase? Does your mobile shop ask for photo ID when you buy a new card for your phone? If not, they should.
However, most thieves will contact call centres where ID can’t be shown. Knowing this, service providers need to be geared to act quickly and decisively in the event of a suspected mobile phone breach. And that means implementing appropriate red flags and 24/7 real person support capable of stopping threats in their tracks.
Sadly, many don’t offer this. Yet.
But it doesn’t stop there. You need to take action as well.
What can you do to avoid SIM swapping fraud?
Carefully follow these four steps to minimise your risk.
Be sensible about social network profiles – do you really need your phone number there for all to see? Do you really need to tell everyone your favourite movies and teams? These are exactly the sort of questions you’ll end up using as identification for important sites and accounts, so keep them to yourself and restrict access to family and friends.
Secure your mobile account – that means adding an obscure password. And here’s a good trick; If you need to provide security question hints, provide something obscure. For example, your mother’s maiden name is ‘basketball’.
Delete your phone number from all websites – that includes sites that send texts to reset passwords. Most offer an email alternative. Better still, use apps such as Microsoft Authenticator.
Be tuned into the signs – strange calls, emails and texts asking for sensitive information are probably scammers, even if they say they’re from Telstra or Optus or wherever else. Tell them you’re busy and call your bank and service provider immediately.
If you think you’ve been a victim of SIM fraud, I might be able to help. Contact me for a free consultation.