The problem of identity theft is by no means new, and continues to plague innocent victims as each version and variation invented by criminals attempts to circumvent the controls that we have put in place to prevent it. There was a time, for example, when passwords were deemed sufficient to protect a person’s access to their various accounts. The ease with which hackers used to get around passwords—largely by taking advantage of the public’s use of easy-to-remember (and therefore easy to guess!) passwords—has led to requirements that passwords become ever more complicated. This, in turn, leads to further weaknesses, such as increasing number of people who can neither remember nor keep track of their passwords. Of course, there is a solution to that as well: The security questions that we have all come to know and love. (What was your mother’s maiden name?) These, of course, are questions that are often easy to discover the answer to in a world of social media (your mother is probably one of your Facebook friends, after all). Another solution is needed to protect identity, and the numerous accounts and money that are associated with it. A recent trend is the use of the mobile phone. After all, a mobile phone is uniquely in your possession, and even if it is stolen, usually must be erased in order for the thief to bypass the security code and use the phone.
Unfortunately, a new trend among thieves in Great Britain is causing headaches (and heartaches) to those who thought that the mobile phone would be the ultimate guarantor of identity. The new technique is called a “SIM swap.”
Ronald Noble, founder of RKN Global, notes that while online fraud gets a great deal of public attention, many are unaware of the risks posed to mobile phone users in general. The Sim Swap is one variation of such a threat.
A Sim Swap basically involves a fraudster’s impersonation of the victim in a call to the victim’s cell phone provider. The fraudster cancels the SIM card and convinces the mobile phone provider to activate a new SIM card. Even though the caller must “prove” his or her identity to the mobile company’s satisfaction, this is often through the use of security questions, which identity thieves are often able to defeat through knowledge gleaned through social media and a convincing act.
The scam proceeds: The victim finds that he or she can no longer use his or her phone. The mobile phone company sends an alert that the Sim card has been changed—but sends it to the newly activated Sim, which is in the hands of the thieves. The thief now controls the victim’s mobile phone number, and can “prove” his or her identity to change passwords to bank and other accounts, locking out the true owner and giving the thief control. It is a short step to draining the victim’s bank account, the taking out of loans, and the destruction of the victim’s credit.
Over 86 million fraud-related calls each month!
SIM swap is not the only type of fraud that mobile phone users could be subjected to. Mobile phone scams are thought to be responsible for approximately 86.2 million calls each month in the United States.6 Clearly, the mobile phone is yet another target point for crime.
Never respond to unfamiliar calls or texts
A good way to help protect yourself from a scam is to avoid responding to unfamiliar calls or texts.11 Some unfamiliar calls or text may be perfectly innocent, but some may not. Known as ‘SMiShing’, this type of fraud often involves a fraudster contacting the victim via a text message or a call, asking for financial or personal details.12 Unfamiliar calls or texts could potentially lead to consumers being charged for calling or responding to premium numbers, meaning they could find themselves out of pocket.
Ofcom, Britain’s communications regulator states that mobile phones should be treated with the same level of care as bank cards, as they can potentially be a pot of gold for fraudsters who wish to benefit from them.13
RKN Global’s founder, Ronald K. Noble, underscores the importance of using best practices with one’s cell phone. Not responding to calls and texts that are from unfamiliar sources, and limiting the public nature of your social media presence are a few of the common sense ways to make yourself less of a target.