Scammers convince the victim's mobile network provider to move his or her number to a new SIM card controlled by them. Then, they intercept the text messages sent by the victim’s bank on the new SIM card and use them to operate his or her bank account.

The SIM swap is a type of IT fraud that requires a few different steps:

• Once the victim has been selected, the scammers set about acquiring his or her data and home banking credentials via hacking or social engineering;
• The next step, backed up with carefully falsified documents, is to have the victim’s SIM card replaced. They ask the network provider for a new SIM card claiming that the old one has been lost or damaged;
• Using the same phone number, they obtain authorisation from the victim's bank to operate the bank account online.

It is difficult to detect SIM swap frauds before they actually happen: most victims realise they have been hacked when they try to make a call or send a message (but the hackers have already deactivated the SIM card). So, be careful if:

• your phone unexpectedly loses signal and remains unreachable;
• you receive a series of nuisance calls: it may be a tactic used by the scammers to get you off the phone to facilitate the SIM swap process.

To deal with SIM swap scams, CERTFin promoted the creation of a joint working group with the network providers' Anti-Fraud Technical Committee. The working group, formed in early 2018, meets monthly to discuss new developments in fraud directly or indirectly involving the telecommunications and finance sectors.

The working group analyses the most significant trends and comes up with technical countermeasures to limit their impact. Industry regulators also involved in the process. A trial investigation phase involving the relevant CERTFin members has been set up to monitor the effectiveness of the proposed anti-SIM swap solutions.