How do criminals steal thousands of euros by hijacking mobile phone numbers? It’s a common story: the signal bars disappear from your mobile phone, and people call your phone number, but it doesn’t ring. You try to login to your bank account, but the password fails. You have become the newest victim of SIM swap fraud, and your phone number is now in the control of a criminal.
SIM swap fraud is committed when a fraudster dupes the victim’s mobile phone operator into porting the victim’s mobile number to a SIM in their possession. The fraudster then starts receiving any incoming calls and text messages, including the one-time banking passwords which are sent to the victim’s phone number.
The fraudster can then perform transactions, using information gathered through techniques like malware, and when the bank sends a one-time-password via SMS, the criminal receives it and completes the authorisation for the transaction.
Several law enforcement agencies in Europe -Austria, Spain and Romania- have carried out operations against this common denominator, considered by the authorities to be a growing threat. In Spain, the state authorities working in conjunction with Europol and the European Cybercrime Centre (EC3), arrested a group of 12 individuals who had managed to steal amounts of up to €137,000 from the bank accounts of several victims. The suspects were of Italian, Romanian, Colombian and Spanish nationality.
The modus operandi was simple, yet effective. The criminals managed to obtain victims’ online banking credentials with different banks by employing hacking techniques like banking trojans or other types of malware.
If you don’t want to be the next victim, here are some measures you can to take to protect yourself:
- Keep your devices’ software up to date.
- Do not click on links or download attachments that come with unexpected emails.
- Do not reply to suspicious emails.
- Limit the amount of personal data you share online.
- Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS.
- When possible, do not associate your phone number with sensitive online accounts.
- Set up your own PIN to restrict access to the SIM card. Do not share this PIN with anyone.
If your phone loses reception suddenly for nor apparent reason:
- Report the situation to your service provider.
- If there are suspicious transactions in your bank account, contact the bank.
- Immediately change all the passwords for your online accounts.
- Keep all evidence, in case you need to contact the police.