What does Simswap scam mean?
Simswap scam is a new, sophisticated form of fraud that allows hackers to gain access to bank accounts, credit card numbers, and other personal data. A cellphone SIM card stores user data in GSM (Global System for Mobile) phones. Theyâ€™re principally used to authenticate cellphone subscriptions without a SIM card, GSM phones arenâ€™t able to tap into any mobile network. SIM swap fraud is a type of identity theft that exploits the SIM systemâ€™s biggest vulnerability.
According to the U.S. Fair Trade Commission, there were 1,038 reported incidents of SIM swap identity theft in January 2013, representing 3.2 percent of identity theft cases that month. By January 2016, that number had ballooned to 2,658.
How do fraudsters get users SIM?
An impostor doesnâ€™t need physical access to the user's phone to perform a SIM swap; they can do it all remotely, regardless of the user deviceâ€™s model or service provider. They need to have enough information to convince a customer support agent that they are the user. When SIM criminals have gathered enough information on a target, they create a false identity. First, they call the victimâ€™s cellphone provider and claim that his or her SIM card has been lost or damaged. Then, they ask the customer service representative to activate a SIM card or number in their possession.
Cellphone service providers should not acquiesce to those requests unless callers answer security questions, but SIM fraudsters come prepared, using the personal data theyâ€™ve collected from across the web to defeat the carrierâ€™s security checks without raising any alarms. Once theyâ€™ve gained access to a victimâ€™s phone number, criminals target the user's bank accounts. Many banks will send the user code to log in to an account or reset a password to a mobile phone via SMS, which means an attacker committing SIM fraud can request and receive the code and access the user's bank account.
How can a user notice that She/He is a victim?
Itâ€™s hard to detect SIM card fraud before it happens. Most victims realize theyâ€™ve been compromised when they try to place a call or text. When the perpetrators deactivate a SIM, messages, and calls cannot be sent or received. But some banks and operators have instituted protections that prevent SIM swap fraud before it happens.
Another sign is the inability to send or receive texts and calls despite not having service shut off; receiving notifications from the user provider that user phone number or SIM card has been activated elsewhere, or being unable to login into any of user accounts.
How can users protect themselves against this situation?
Sketchy emails with malicious links, bogus login screens, fake address bars there are many forms phishing scams can take, but theyâ€™re easy to spot if the user knows what to look out for. The user should not click links, download programs, or sign in to websites he/she doesnâ€™t know. If an attacker gets enough key data about the user from these attacks, theyâ€™ll have what they need to try a SIM swap. Another issue is phishing, or in place of it, the other early part of a SIM swap involves social engineeringâ€”basically collecting as much data about the user as possible so the hacker can reliably pass for the user over the phone or in an email.
To prevent this, the user must keep his/her phone number, date of birth, mailing address, and all other compromising information off as many of his/her accounts as possible, and donâ€™t share this information publicly. Some of this data is necessary for certain services, but the user doesnâ€™t need any of them to be searchable on social media. The user should cancel and delete any accounts he/she no longer using as an added precaution.