SIM swap fraud is a type of fraud that involves scammers taking over someone’s phone number, which can then be used to access personal accounts, steal money, or commit identity theft. To access a bank account nowadays one has to have a user name, password and a one time passcode normally sent via text message to a cellphone. If the bad guys have the first two pieces on info, all they need is to take over the victims cellphone for the fraud to work.
To execute a SIM swap fraud, the attacker buys a new SIM and contacts the mobile carrier to activate it with the victim’s phone number. They then trick the victim into giving them the OTP, which enables the scammer to gain control of the victim’s phone number.
How are fraudsters able to answer the security questions your mobile carrier asks? That’s where the data scammers have collected on you through phishing emails, malware, or social media research becomes useful. They may have simply bought the data about you on the dark web.
Once they have taken over your cellphone number they may email you claiming to be your bank and asking you to go to a page that looks like your bank’s website but is really an identical looking website that grabs your username and password as your log in. Now they have your user name and password but they need to intercept the code your bank sends to your cellphone – well they have full access to your phone number now so game over!
Consider the high-profile example of a SIM swap scam against Twitter CEO Jack Dorsey. Dorsey’s Twitter account was hacked when fraudsters gained control over his phone number. The scammers behind this went on to tweet offensive messages from Dorsey’s Twitter handle for the 15 minutes it took to regain control of his account.
According to the FBI, scammers are turning more often to SIM swap fraud. The bureau reported that in 2021, the FBI received 1,611 reports of SIM swaps. The losses in these crimes topped $68 million.
One of the most effective ways to prevent SIM swap fraud is by switching to eSIM, which is a digital version of a traditional SIM card that can be embedded directly into a device. eSIM holds several benefits, including increased security. Since there is no physical SIM card in the eSIM system, cybercriminals cannot claim that their SIM card got lost or damaged, thus preventing them from acquiring another SIM card or re-registering the number in their name.