Mobile users are being defrauded of £millions using SIM swap fraud. SIM swapping provides a way for cybercriminals to gain access your personal data and accounts by hijacking your mobile phone number and having your calls go to a SIM in another device.
Armed with enough information to pose as you (from sources such as social networks), the scammer will contact the customer services department of your network provider and ask for your number to be switched to a SIM card in their possession. The fraudster’s aim is to take control of your number, by convincing your network to either swap your number to a new SIM card on the same network – perhaps by claiming that ‘their’ phone is lost, or move your number to another network by requesting the Porting Authorisation Code (PAC). Once fraudsters gain access and control of your mobile number, they can access communications with your bank and other organisations and receive text messages with any codes or password re-sets.
The first sign of a SIM swap scam is usually the loss of all phone signal, which is particularly noticeable in places where you normally have a good connection. This occurs when an alternative SIM has been activated and your account is being accessed through a new device, leaving your old SIM card unusable. Scammers can then take advantage of a weakness in two-factor authentication and verification by your bank in which the second step is a text message or call to your mobile phone.
Personal mobile accounts are more often affected by SIM swap fraud, however as many corporate accounts have business owners and/or family on the account who use the phone as their own, these types of accounts can be vulnerable too.
The three main signals of SIM swap scams:
- You are unable to place calls or texts – fraudsters may have deactivated your SIM card and are using your mobile number
- You’re notified of activity elsewhere – for example, your mobile number is being diverted to another device
- You’re unable to gain access to accounts – contact your bank and other organisations immediately
How can you protect yourself?
It’s important to recognise warning signs if you are a victim of SIM swap fraud, so that you can shut down the fraudster’s access as quickly as possible.
Multi-factor authentication is a security measure requiring two different authentication methods, such as a password and an authorised username, before allowing you to make any changes to your account. Multi-factor authentication should be used whenever possible because it immediately neutralises the risks associated with compromised passwords by adding an additional layer of security to protect highly sensitive personal information. For business accounts, always include names of the person(s) of authority on the account and boost your account’s security by using unique, strong passwords which are not used on other accounts.
If your business has a telecoms account with Purchase Direct and would like help with setting up multi-factor authentication, please contact the Telecoms team on 01707 299 100.