A relatively new and sophisticated form of fraud that allows the hackers to gain access to the bank accounts, credit card numbers and other personal data has been making huge noises. This is called ‘SIM Swapping’. Many people get affected by this SIM swapping these days and just a couple of months back Mr. Jack Dorsey, Twitter co-founder, and CEO also became a victim.
The other names given to this SIM swapping scam are SIM splitting, SIM jacking, port-out scam, etc.,
Working procedure for SIM swapping:
It is worthy to note that SIM swap fraud is a type of identity theft and it exploits the SIM system`s biggest vulnerability ‘Platform agnosticism’.
The SIM swapping fraud begins with the fraudster gathering personal details about the victim by phishing e-mails or by buying them from organized criminals. Sometimes by directly socially engineering the victim also SIM swapping takes place. After getting these details the fraudsters then contact the mobile telephone provider of the victim.
To port the victim’s phone number to fraudsters SIM, the fraudster uses socially engineering techniques to convince the telephone company. By impersonating the victim using personal details to appear authentic and claiming that they have lost the phone is an example of socially engineering technique used by the fraudsters. Important piece of information collected is in countries like Nigeria and India etc, the fraudsters would have to convince the victims to approve the SIM swap by pressing 1. By this, the victim phone would lose connection to the network and fraudster would get all the SMS and voice calls meant for the victim.
It must be noted that the fraudster would be able to intercept any one time password sent via text or calls to the victim. The fraudsters would be able to avoid the security features of the account that rely on text or calls.
SIM swapping could be avoided by:
First, make sure that fraudsters do not steal the personal data and for this, it is important to be vigilant about the information we reveal to others. Secondly, do not tamper with the security setting on smartphones. Finally, always use genuine software on smartphones.