SIM Swap – your smartphone is the weakest security link

SIM swap

The mobile phone porting scam, also known as a SIM swap scam, is when a scammer transfers your mobile number to a device they control, without your permission. Your phone number is the weakest link in the security chain.

SIM Swap: Why?

Before we delve into how, let’s examine why SIM swap is so crucial to scammers.

  • Your phone number allows them to intercept your text messages, including those containing verification codes for your online accounts, such as banks, online shopping, loyalty programs, and more.
  • They can potentially gain access to your bank accounts using two-factor authentication codes.
  • They can make premium-rate calls.

Remember, they don’t have your handset, and since you log in to Google or iCloud, they don’t have access to passwords on the device or access to email, contacts, social media, and other sensitive services. Yet!

And the ‘yet’ is all about how much the scammer or dark web AI knows about you.

SIM Swap: How?

SIM Swap could mean a legitimate need to swap a phone number from one SIM to a replacement. The SIM could be faulty or damaged. In that case, you initiated it, and numerous ID safeguards are in place, such as presenting your ID at a retail outlet to facilitate porting and the transfer of associated accounts.

Or it could mean a scammer porting your number to another SIM, in which case, you don’t know until your phone number stops working.

In the past, all that was required for a SIM Swap was the owner’s name, mobile number, email address, or date of birth. That has changed, but reports of SIM swap are increasing.

Scammers now have to gather as much personal information about you as possible.

DarkBERT is the most malicious dark web AI. It’s coming after you and can now granularly focus on you by collecting everything you have posted on social media or in a host of other online sources.

Scammers may also apply emotional pressure to service agents, a process known as ‘social engineering’, to convince a carrier that they are the account holder. They usually use the excuse of changing carriers or having lost their device.

In mid-2020, new procedures were introduced to prevent SIM swap scams. These include multi-factor authentication for high-risk transactions such as SIM swaps; in-store ID checks; and a delay for SIM swap requests not initiated by the customer. This delay allows the carrier to send an SMS to the real owner to ask if they have initiated the SIM swap.

If you have an eSIM, you must initiate the eSIM swap from the app on the original phone and then accept it on the recipient phone.

Can we do anything?

The ACMA is on top of the issue, especially as its 2020 measures were apparently not enough to stop determined scammers.

Special note for Optus users: Scammers now have access to the 2024 breach data and are using AI to farm it for potential scams. It is all about scammers knowing enough to pass fairly stringent ID checks.

The FBI says other potential targets include:

  • Executives and high-profile individuals
  • Cryptocurrency holders
  • Seniors and those less familiar with cybersecurity best practices

Don’t overshare on social media: It is a gold mine for AI to predict what passwords you use, age/DOB, and so much more. Frankly, you all overshare.

Take it from someone who doesn’t use social media; I have seen some dark web profiles that contain so much information that even your mum wouldn’t know.

Don’t Respond: If someone calls or texts you and asks for personal information, do not provide it. If the caller claims to be from a business you are familiar with, hang up and call that business using a number you trust, such as the number on your bill, in a phone book, or on the company’s website.

Be vigilant: Check your bank balances and transactions regularly.

Act fast: If you suffer a SIM swap, you may have only a few hours to prevent it.

  • Contact your phone company.
  • Contact your bank and other financial institutions and change passwords immediately.
  • File a police report.
  • Place a fraud alert on your credit reports and get copies of your report.

CyberShack’s view: SIM swap is still an issue

In 2024, the ACMA fined Telstra more than $1.5 million for failing to properly authenticate customer identities in 168,000 ‘high-risk interactions’, including SIM swaps. Telstra responded that, “Its procedures are strict and robust, but criminals could potentially bypass them if a victim’s identity has been thoroughly compromised”.

The ACMA states that despite procedural changes, the rate of SIM swap increased by 160% from 2023 to 2024.

Last year, a Victorian man was arrested over 193 ‘port-in’ attempts against 86 mobile numbers registered with different networks. The AFP alleged that 44 of them were ported, without the rightful owners’ consent.

In 2024, in the UK, nearly 3,000 cases of SIM swap were reported. Identity fraud in the telco sector rose by 87%.

Brought to you by CyberShack.com.au
