SIM Swap: find out everything about this global scam

Online fraud is increasingly sophisticated, so much so that even the most attentive people are falling victim. A clear example of this is the SIM swap scam, which has already defrauded thousands of people around the world.

This scam doesn’t exactly exploit a vulnerability or weakness in the end user. Instead, it targets the structural fragility of how mobile service providers work in Brazil and the rest of the world. Basically, we’re talking about a scam that doesn’t require any action from the victim. And that’s where the problem lies.

There is currently no impediment to an individual requesting the transfer of a phone number from one SIM card to another. After all, it’s quite common for people to lose their smartphones for one reason or another and when that happens, you have the right to reactivate your old number on a new chip. Of course, cybercriminals have now also found a way to exploit this facility for their benefit.

Is this mine or yours?

The name says it all. The swindle simply comes down to swapping SIM cards. Firstly, criminals gather as much information on the victim as possible: full name, ID number, taxpayer identification number, address, parents’ names... The more details, the higher the chance of the scam working. These data are usually obtained through social engineering (including phishing campaigns) or through the careful study of the target’s profiles on social networks.

As soon as the fraudster has gathered enough information on the victim, they contact the mobile carrier. Claiming to be the owner of the phone number for a lost or stolen device, the criminal requests the number be transferred to a new chip. While the carrier completes a security check, the fraudster uses the previously collected information to authenticate ownership of the phone number. With ownership of the victim’s phone number now in the hands of the criminal, the legitimate SIM card is canceled.

The cybercriminal gains free access to any app or services connected to that phone number, including instant messages and social networks, while also receiving two-factor authentication codes sent via SMS.

You can make things harder!

Falling victim to the SIM swap scam means that, from one minute to the next, you lose access to your social networks and even your banking applications, should authentication be based on a code sent via text message.

From that point on, the scammer can assume your identity to defraud your friends and family, as with the classic urgent loan that is never repaid.

As previously mentioned, the ease of transferring a phone number to a new SIM card is what makes the SIM swap scam possible. It would be a lot better if there were stricter verification layers before this operation is allowed.

Nevertheless, there are certain habits you can adopt to complicate things for criminals and restrict what they can do if they succeed in their scams.

The first is really simple. Be aware of phishing scams and publish as little personal information on the internet as possible, making things harder for those looking to impersonate you when dealing with your carrier.

Because of the SIM swap scam, specialists also recommend avoiding two-factor authentication via SMS. Instead, use an app installed locally on your cell phone that generates random, single-use passwords.

The WhatsApp instant messaging app, for example, is a “gold mine” for SIM swap scammers in Brazil and now has its own feature that allows you to protect your profile with an additional password. Lastly, always keep the PIN and PUK codes at hand (those are the numbers hidden behind the “scratch-off” on cards that come with your chip), as they can be used as an additional layer of protection for your SIM, blocking the number altogether in extreme cases.

Article originally written in Portuguese by Perallis Security Content Team: SIM Swap: saiba tudo sobre o golpe que cresce no mundo inteiro — Perallis Security