Security around personal banking has rarely left the headlines in 2016; most recently, Tesco Bank suffered a breach which saw 9,000 people lose sums of money from their accounts. This International Fraud Awareness Week, a mobile banking expert from Aspect Software has given his top five warning signs for SIM Swap fraud and mobile takeover. SIM Swap is a little-known and difficult-to-spot crime that is seeing an upward trend in the UK and other regions, including Africa.
Keiron Dalton, Senior Director of Customer Strategy and Innovation at Aspect Software, and head of the firm’s digital identity division, explained: “SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process. Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This is often before the victim is even aware they have been targeted.”
“We are speaking with a number of banks as well as the leading mobile network operators to tackle SIM Swap fraud, but consumer awareness of the crime has stayed relatively out of the headlines. There are a number of signs that mobile banking customers can look out for to identify if their SIM card may have been compromised, or their phone has been taken over,” Dalton said.
1. Phishing messages and suspicious communications asking for information
SIM Swap fraud requires the hacker to have access to a victim’s bank details. These are often obtained through an email phishing attack, unsolicited communications asking for details, or by purchasing that information from online crime gangs. You should never respond to these types of communications or send your bank details on any platform that could be read by someone else. Your bank will never ask for this information, so don’t be fooled by fraudsters imitating your bank. This leads to the initial opportunity to get account access or access to a duplicate SIM card, it also could provide criminals with the answers to personal security questions.
2. Extended loss of signal
Once SIM Swap fraud has occurred, it is not instantly noticeable to the victim. Extended loss of signal is the initial sign that SIM Swap fraud has taken place, as the control has been switched to a new device. Contact your mobile network provider to check if it is a widely known issue, or isolated to your device.
3. Floods of calls and messages
This is a tactic that runs parallel to the extended loss of signal. Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phone off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.
4. Opening links on your phone
Whether the link is sent to a victim via a phishing message or is on an unknown website, mobile phone users should be cautious when opening links on their device, and delete anything suspicious immediately. Hackers can use links that contain application packages that, if installed, will give the people behind the malware administrator rights to the victim’s device.
5. Be aware of the source of any applications you download
Only download applications or make in-app purchases from approved sources or stores. To prevent suspicious applications from being installed, Android phone users can go to Settings/Security and turn the ‘Unknown Sources’ option off, which will stop the phone installing them from anywhere other than Google Play.
Dalton continued: “We have talked a lot about what should be done to start tackling SIM Swap fraud from the organisational side. For example, SMS should not be used in isolation to verify a customer’s identity during a mobile banking transaction, because it is simply not secure enough; it should be used in conjunction with other authentication factors.”
He concluded: “Banks and mobile network operators have the ability to make use of voice recognition to verify a transaction, as well as clever background checks using mobile data on elements such as how long it takes a call to connect, suggesting a call divert is in place and therefore a potential fraud. This is why multi-factor authentication when using an app to make transactions is so important.”
For more information, visit www.aspect.com/uk