Scammers convince the victim's mobile network provider to move his or her number to a new SIM card controlled by them. Then, they intercept the text messages sent by the victim’s bank on the new SIM card and use them to operate his or her bank account.
How does it work?
The SIM swap is a type of IT fraud that requires a few different steps:
- Once the victim has been selected, the scammers set about acquiring his or her data and home banking credentials via hacking or social engineering;
- The next step, backed up with carefully falsified documents, is to have the victim’s SIM card replaced. They ask the network provider for a new SIM card claiming that the old one has been lost or damaged;
- Using the same phone number, they obtain authorisation from the victim's bank to operate the bank account online.
It is difficult to detect SIM swap frauds before they actually happen: most victims realise they have been hacked when they try to make a call or send a message (but the hackers have already deactivated the SIM card). So, be careful if:
- your phone unexpectedly loses signal and remains unreachable;
- you receive a series of nuisance calls: it may be a tactic used by the scammers to get you off the phone to facilitate the SIM swap process.
What should you do?
- If you notice that your phone has unexpectedly lost signal, contact your network provider immediately. You may be able to block the SIM swap before the scammer's SIM is activated.
- Don’t turn your phone off, even if you receive a lot of nuisance calls; and again, call your provider as soon as possible.
- Check your online account and look for any payments made without your authorisation.
- If you think you've fallen victim to a SIM swap, contact your bank so that it can temporarily block you account while you change your passwords.
To deal with SIM swap scams, CERTFin promoted the creation of a joint working group with the network providers' Anti-Fraud Technical Committee. The working group, formed in early 2018, meets monthly to discuss new developments in fraud directly or indirectly involving the telecommunications and finance sectors.
The working group analyses the most significant trends and comes up with technical countermeasures to limit their impact. Industry regulators also involved in the process. A trial investigation phase involving the relevant CERTFin members has been set up to monitor the effectiveness of the proposed anti-SIM swap solutions.