Last Updated on March 18, 2021 by Calvin C.
What is SIM card fraud? If you are not sure what it is don’t worry. In this article, I cover in detail all about this criminal activity and how to prevent bad guys from pouncing.
By definition, this is where cybercriminals gain access to your financial accounts or personal data through your mobile number.
Background of SIM card fraud
SIM card fraud is called by several names and these are:
- Port-out scam
- Sim swapping
- SIM splitting
In 2020, a group of hackers mounted a series of SIM card fraud attacks on American celebrities and got away with more than $100 million dollars during the period.
Their modus operandi was to control the victim’s phone number to gain access to cryptocurrency wallets.
Although arrests were made, SIM card fraud remains a major threat.
If you don’t take the necessary precautions I will outline later, you are exposed to these attacks.
What is a SIM card?
Let’s get the definitions out of the way.
SIM card stands for Subscriber Identification Module and this is a small, plastic card with an integrated circuit to stores unique data like:
- Phone number
- User identity
- Network authorization data
- Personal security keys
- Text messages
A SIM is used in a smartphone and allows you to connect to a carrier network so that you make calls, send text and connect to the internet.
From the above functions of a SIM card, you quickly get an idea of how much information a hacker accesses if there is a SIM card swap.
How SIM card fraud occurs
Cases of SIM card fraud are increasing given that about half of the web traffic is from mobile devices.
This means it’s becoming easier for hackers to mount an attack via the internet as more mobile devices are online.
In SIM card fraud, control of your account is transferred from you to the hacker.
What’s chilling is that the process hasn’t changed over the years despite marked evolution of hardware and software in mobile devices.
This means you need to make sure your device is not at risk of a similar attack every time.
Here’s how they control your SIM card:
The hacker finds a way to obtain your personal details.
Ways to get your personal details include social media engineering, malware attacks, phishing emails or the dark web.
- Check out ways to delete yourself from the internet.
Next, the hacker calls the mobile phone provider requesting for a SIM card change and uses your details to confirm identity.
Details like your phone number, birthday or other details are used by the hacker to answer security questions.
The hacker requests for activation of a new SIM card in their possession.
Next thing, your operator gives the hacker full control of your account.
This method is even more sinister as it involves someone on the inside.
In this case, an accomplice working for the mobile network transfers your SIM card number to another account controlled by the hacker.
What happens next?
Once a hacker gains control of your phone account, the second phase begins.
One way is to access any previous communication with your bank or service provider and reset the password.
Any 2-factor authentication is received by the hackers, whether via SMS or voice call and this is the heart of the attack.
Once they gain access to your account, they transfer any money to their account.
By the time you realize that a breach has taken place, it will be too late.
In the case mentioned earlier, the organized network of hackers emptied cryptocurrency wallets.
This means even if you activate 2-factor authentication, bad guys can still gain access to your account.
Can you tell that you have been hacked?
The answer is yes, but not in all cases. There are tell-tale signs that a SIM card swap is in progress or has taken place.
- Your phone loses network as your SIM card is disconnected. You are unable to call or text.
- You receive a message requesting for authentication when you have not tried to access your account.
- You fail to access your accounts, be it bank, credit card or wallets
The attack can take place without even realizing it, for example, if your phone is off or when you are not using it.
How to protect yourself from SIM card fraud?
There are steps you can take to stop hackers from taking full control of your phone account.
- Don’t put too many personal details on social media like birthday, pet names, phone number etc. These details are usually used by banks to confirm your identity and hackers take advantage of that.
- Avoid giving your details if you get unsolicited calls, emails or text messages. These details are used by hackers to steal your identity.
- If there is an unusual drop in your mobile network signal, call the service provider for clarification.
- If you receive a message requesting authentication and you have not tried to access your bank account or online wallet, call customer support immediately.
- Use a password generator to create strong passwords. It’s free!
- Make use of authentication apps like Google Authenticator.
- Activate any SIM PIN, if available, for additional security.
- Don’t rely heavily on SMS-based or call-based 2-factor authentication
This article should serve as an eye opener because it’s easy to relax when you have not encountered an online attack.
The FBI is pushing for financial institutions to find more secure ways to protect user accounts especially where SMS-based authentication is used.
When hackers gain access to your bank account or online wallet, they empty every cent.
To conclude, using your mobile number only to secure an account is not the best way to keep hackers at bay.
One other way to be safe on the internet is by using a VPN because a VPN encrypts all your traffic and hides all your internet activity.
- At a glance, these are best VPNs to keep you safe:
Are you using a VPN when online? Let me know in the comments below and share the post with your friends.