?:reviewBody
|
-
One of the many new forms of crime that modern technology has brought us is a form of identify theft known as SIM swap fraud. Subscriber identification modules (SIMs), commonly referred to as SIM cards, store user data in Global System for Mobile (GSM) cellphones. In simple terms, your phone's SIM card stores identifying information that authenticates your cellphone service and allows you to connect to mobile networks. If fraudsters can gather enough personal information about you to answer some common security questions, they may be able to call your cellphone service provider, claim that you have lost or damaged your phone's SIM card, and ask the provider to switch your phone number to a different SIM card (which is in their possession). Once that's done, the fraudsters effectively control your phone number and can use it obtain a wealth of sensitive information -- including, possibly, requesting that your bank send codes via text messaging that will enable them to reset passwords and log in to your financial accounts. While security experts have been trying to raise awareness of SIM swap fraud, at least one social media post on the subject sought to provide useful preventative advice but misstated how such fraud actually occurs. The most common version of the post read as follows: Steven Andrés, an instructor in the graduate program in homeland security at San Diego State University, termed that advice incorrect. Rather than being tricked over the phone and asked to press a button to initiate a malicious swap, Andrés explained, victims typically don't even know their SIMs were swapped out until it is too late: Victims connected to WiFi networks at home or work would still be able to use email on their phones, as well as access the internet and social media apps such as WhatsApp, Twitter, and Instagram. Andrés, who founded his own tech security company, told us that SIM swaps provide perpetrators with the ability to receive a victim's incoming calls or SMS (text) messages, just as Wired reported in August 2018: Another security firm, Flashpoint, found evidence suggesting that some scammers pay off mobile phone service employees to help them execute SIM swaps on targeted customers' accounts. The company also listed signs that a user's SIM information has been hijacked, which echo the ones Andrés mentioned: According to the tech news site Motherboard, in 2017 hackers exploited a weakness that allowed them to specifically target T-Mobile service users by gaining enough information that they could call the company, impersonate their victims, and request new SIM cards. T-Mobile alerted users in January 2018 to watch out for scammers trying to seize their information. One scam victim told the site that: Both Wired and Andrés recommended that cell phone users implement two-step verification for their accounts, but Andrés also urged them to seek more information from their service providers. I would strongly urge your readers to contact their carriers and specifically ask how they can completely block SIM or other account changes, he said. The issue is that even if you have a PIN on your account, if there is an unscrupulous employee at the carrier, they may be able to easily bypass the protection.
(en)
|