Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

SIM Swap fraud: fend off attacks with lies, says Foursys

April 2016 by Foursys

Foursys - cybersecurity specialists for more than 20 years - today warns mobile users of SIM Swap fraud or SIM Splitting, a financially-motivated mobile phone threat, is gaining momentum.

Remote banking losses increased significantly last year, according to the latest FFA UK (Financial Fraud Action UK) report. “Total remote banking loses increased by 72 per cent to £168.6 million in 2015. A key driver of this increase was the rise in impersonation and deception scams in which a criminal dupes the victim into giving away their personal and security details. The criminal then uses these details to gain access to their victim’s remote banking account.”

SIM SWAP fraud explained

SIM Swap is the process of replacing your mobile’s existing SIM card with a new one. SIM swapping is often useful, letting you to keep your existing mobile number when you change to a handset requiring a different SIM card type. However, financially-motivated criminals have found a loophole in this process

Armed with a mobile phone and a blank SIM card, the phone hackers pretend to be the victim when they contact the victim’s telecommunication provider saying the mobile has been stolen. The plan is to get the operator to cancel the existing SIM card, on the victim’s phone, and activate the new SIM on the criminal’s phone.

“Before SIM swaps are authorised, many mobile providers verify the identity of the caller using security questions, a process that’s certainly not foolproof,” said James Miller, Managing Director at Foursys. “Some answers may have unwittingly been shared online by target victims, let alone by someone in their social networks. How many people name their pet, favourite restaurant or primary school on social media sites? Scouring social media profiles, can prove very useful indeed to a criminal wanting to conduct fraud.”

The window of opportunity starts to close as soon as the SIM Swap victim notices that his/her mobile is no longer working and raises the alarm.

Once texts and calls are rerouted to the fraudster’s handset, the criminals work quickly to reset passwords, locking the victim out of his/her accounts, before authorising bank transactions or securing loans in the victim’s name.

Recent Sim Swap victims include Nottingham-based Chris Sims, whose bank account was emptied of its £1,200. The criminals also applied for a £8,000 loan in his name, reported The Guardian on Saturday.

“Security questions based on supposedly secret information are far too easy for criminals to defeat, given the huge amounts of data about ourselves available online”, said John Hawes, Chief of Operations at Virus Bulletin. “Any system which still uses this out-dated mechanism really needs to rethink its approach. In the interim, Foursys’s recommendation to fabricate falsehoods for the security questions is a smart one.”

SIM Swap: preventative tips from Foursys

Foursys recommends that mobile users concerned about SIM Swap fraud consider the following preventative action.
• Contact your mobile operator immediately if you stop receiving calls or texts unexpectedly. Don’t assume it is a technical fault that will resolve itself. ?
• Ensure passwords are long, complex and known only to you. Consider using a reputable password manager if you think you might forget them. ?
• Consider using made-up answers to the security questions to ensure your publicly available information cannot be used to identify you and store these securely. ?
• Use up-to-date security software on your computer and systems to block email phishing scams. ?
_ • Carefully dispose of phone bills and other paper work detailing sensitive information, such as shredding or incinerating. ?
• Remove apps that you do not use from your devices. If you don’t use your bank’s mobile app, remove it from your phone. ?

“Think of these criminals as truffle-hunting piggies,” said Miller. “There are out there looking for opportunity as they sniff out their next victims. Your job is to stay out of their way and ensure you are as unattractive a target as possible.”


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts