Protecting yourself from SIM-swap fraud
Sophie Grosvenor March 6th 2024 - 4 minute read
Keeping you and your money safe is our top priority, and we have stringent safeguarding measures in place to help protect all our customers. But there are also steps you need to take to protect yourself from fraud.
To help you identify potential scams and stay safe, we’re publishing a series of articles on fraud protection. This article looks at SIM-swap fraud.
What is SIM-swap fraud?
SIM-swap attacks, also known as ‘simjacking’ or ‘simcard hacking’, are a type of account takeover fraud. They occur when scammers gain control of an individual’s phone number by tricking the mobile network carrier into transferring the victim’s phone number to a new SIM card, which is under the fraudster’s control.
With control of the victim’s mobile number, scammers can then gain mobile phone access, along with access to personal details and online accounts. SIM-swap fraud will often allow perpetrators to hijack the victim’s calls and texts, as well as enabling banking access, which can lead to devastating consequences.
With a growing number of online services using two-factor authentication in the form of text messages or phone calls, it’s important to optimise your security measures in order to avoid falling victim to such scams.
An example of SIM-swap fraud
Courtney, an online scammer, easily traces and compiles some of Alex’s personal information, including her phone number, address and full name via social media. With these details to hand, Courtney then targets Alex’s mobile network provider.
Posing as Alex, Courtney contacts the customer support hotline, claiming to have lost her SIM card. Courtney provides the information that she has gathered, convincing the customer support representative that she is the legitimate account holder.
During the call, Courtney requests a new SIM card, manipulating the representative into completing a SIM card transfer. With the transfer complete, Courtney is now in possession of a new SIM card, connected to and controlling Alex’s phone number.
Meanwhile, Alex finds that all services provided by her network provider are no longer available on her own mobile phone, as her SIM has been cancelled and transferred to a new card.
This leaves Courtney with complete access to the personal accounts which are connected to Alex’s phone number. With many online services now utilising two-factor authentication, Courtney can now leverage this access to reset passwords, gain unauthorised access to email and social media accounts, and perform fraudulent activities.
Courtney may well use the compromised accounts for various malicious purposes, such as unauthorised transactions, identity theft, or gaining sensitive information. By the time Alex realises what has happened, significant damage may have already occurred.
Five tips on how to protect yourself from SIM-swap fraud
- Utilise multi-factor authentication
Whenever possible, use two-factor authentication methods that do not rely solely on SMS or phone calls. Consider using authentication apps like Google Authenticator or Authy for additional security measures.
If relying on two-factor authentication, ensure that your accounts have additional layers of protection, such as backup codes or recovery options to maximise your cybersecurity.
- Secure your mobile account
Set up a strong and unique PIN or password for your mobile carrier account. You should avoid using easily guessable passwords or PINs.
Contact your mobile carrier and inquire about additional security measures they offer, such as a PIN or password requirement for any account changes.
- Monitor your online accounts closely
Regularly check your financial, email, and social media accounts for any unusual or unauthorised activity. Where possible, keep your personal data hidden from public view and your social media account settings on private.
You may also want to sign up for account activity alerts, where available, to receive notifications about any changes to your accounts. This enables instant notification of any unexpected or unusual activity, allowing you to stay vigilant and aware of how your accounts are being used.
- Be sceptical of unsolicited communications
Be wary when receiving unexpected calls, emails, or messages claiming to be from your mobile carrier or other service providers. Phishing scams can coincide with SIM-swap attacks, with scammers sometimes opting to contact their victims via email or telephone in order to initially obtain personal data.
Verify the legitimacy of requests for personal information before providing any details, especially if the request is unsolicited.
- Use account recovery options wisely
Be careful when setting up account recovery options for your accounts. Avoid using easily accessible information (such as publicly available details like a pet’s name) for account recovery questions or passwords, as this information could be exploited by attackers.
Additionally, staying informed about the latest security practices, being mindful of the information you share online, and promptly reporting any suspicious activity to your mobile carrier and relevant service providers can enhance your online security. Regularly update your passwords and review privacy settings on your accounts to improve your overall cybersecurity.
If someone targets you
If you suspect you are being targeted or have fallen victim to SIM-swap fraud, it’s crucial to take immediate action to mitigate potential damage and secure your accounts. You can report it to Action Fraud by calling 0300 123 2040 or by using their online reporting tool, and you can report it to the FCA.
Another vital immediate response in the case of SIM-swap attacks is to contact your mobile carrier as soon as possible. Informing your network provider about a suspected SIM-swap attack will allow an initial cancellation of the scammer’s SIM card, thereby returning control and access of your phone number to you.
Informing other relevant parties, such as financial institutions, credit card companies and any other relevant service providers will also enable you to take additional steps to secure your accounts, as well as helping you to monitor any suspicious activity in the first instance.
If you’ve been a victim, you can also get free specialist help from Victim Support.
More information on SIM-swap fraud
Some of the organisations and websites we’ve listed above provide a treasure trove of information, guidance and resources. You can also find lots of useful articles specific to mobile phone security on network carrier websites, such as O2.
As well as checking the FCA’s Register and Warning List, you can also find other information for consumers and firms on the FCA website.
Action Fraud, the UK’s cybercrime reporting centre, also has plenty of useful resources – as does Victim Support.
Finally, we’re always more than happy to help our customers. If you’ve got any concerns or questions about the security of your Currencies Direct funds, or need guidance in relation to a transfer, please do get in touch.
You might also want to read our article on identity fraud, as the two types of scams share some similarities regarding the exploitation of an individual’s personal data.