SIM Swap - How to Safeguard against Fraud

SIM Swap is currently the highest running issue for smartphone users. A criminal or a fraud can register the number of a cellular company’s client on a new SIM card and then use the same to intercept numbers, OTPs and passwords. The same can then misused to carry out various transactions for online banking, account change, and security settings.

SIM swap may also be used to hack sims and then make calls for long duration whose bill, unfortunately, the customer for the cellular company may end up paying. Generally, SIM swaps are used to defraud people anyway or the other, the customer will always end up losing a lot of money.

For eg: cellular companies like Vodacom and MTN have been using the technology for a few years which prevents SIM Swap frauds. It generally helps to check the date and time of the last SIM Swap, date and time of the actual handset and also a number of calls made with the exact combination of SIM card and handset.

Occurrence of SIM swaps: SIM swap will begin with the fraudster trying to gain access to your online banking process by sending you phishing mails or phishing SMSes. Basically trying to obtain your user id and password when you reply to the phishing SMS or mail. A website may be developed similar to the actual online banking website which stores your details and then the same is misused for various fraud transactions.

It can be prevented as several banks nowadays make use of the 2 Step verification process by adding an extra layer of security where there is a login password, a transaction password and also an OTP sent to your registered cell number which unless and until matched exactly, the transaction will not proceed.

Another phase of carrying out similar frauds the criminal may try is to gather information related to your network operator. Your number can be found by a process known as social engineering, e.g., they might call you try to gather information like your name, DOB, address and other data, which may be unique to your SIM. Once the same is obtained, it may be used along with fake documents to approach your network operator and pretend to be you. After which they will tell the network operator that they have lost the SIM and then get whatever they want.

Then you may or may not receive phone calls or SMSes from people pretending to be employees of your cellular network telling you to switch off your phone due to ongoing maintenance or some other story. With your phone off, you are much less likely to notice the lack of incoming calls and SMSes to your phone, because at this point the SIM swap scam is in full effect. If you were to switch your phone back on, you would likely see that there is no service from your operator. The other SIM card registered with your number on it, is the one that will now receive any and all calls, SMS notifications, which together with your banking details which were obtained from you earlier, they can use to clean out your bank account without your knowledge, and by the time you realize, it will be far too late.

Once you become a victim of SIM swapping please perform the following steps:

1. Call your mobile operator for assistance

2. Talk to the appropriate department

3. Suspend all online banking activities for your account so that nobody is ever able to log in for anything

4. Else if the money is still being transferred out of your account due to fraud reasons then you need to open a case with the police within the 48 hours of the incident as during this time the documentation from your bank will help the police with the investigation

In order to avoid such SIM Swaps in the future you need to follow the steps given below:

• Make sure to become familiar with existing scams by reading appropriate blog posts, forums, or articles in the newspaper, so when you see that email or SMS arrive in your inbox, you know it’s bogus
  
• Don’t ever reply to suspicious emails. Your bank would never ask you to enter any confidential information into an email
  
• Don’t ever click on links that may lead you to phishing websites – websites engineered to appear and operate like the official website. They may download a virus on to your PC, just by visiting them, which could serve as another means of obtaining your banking account password(s)
  
• Use your common sense. If you receive an email claiming to be from your bank, ask yourself if this is the same email address associated with your online banking account.
  
• Don’t use publicly visible email addresses for banking. Use a secure, private email address that nobody but you and your bank know.
  
• Always visit the official website of your bank by typing in the address. Bookmarking the website isn't safe because there are forms of malware that could tamper with bookmarks so that they redirect you to phishing websites.
  
• Always try to log in to your online banking profile via the official website. There are ways to make sure that it’s the official website – not only by looking at the URL, but by checking the security certificate, which usually appears in the form of a padlock in your browser. You could even look for the website on a database, which would confirm whether the website is safe or not.
  
• Change your online banking passwords frequently. I would suggest at least once every 3 months. And make sure it’s a strong password too.
  
• Don’t answer calls or reply to SMSes from numbers you are not familiar with
  
• Even though it may be tempting to put your phone on silent mode or switch it off when multiple calls come through, it may not be the best idea, as this is exactly what the fraudster may want you to do, so that you don’t notice anything strange going on with your phone
  
• Take note of the number the call or SMS came from. You can then look for this number on smscodes.co.za, or even contact your mobile network operator and check with them for more information if you receive a suspicious call or SMS.
  
• Consider joining a bank that gives you better security when it comes to banking, especially with online and cellphone banking. Some banks are known for not being secure with the features they provide. The same could be said for some cellular networks.
  
• If the bank only offers 2-step verification security that relies on using a mobile phone to access your account, then check whether or not you can set a backup number, or an email address where you can at least receive notifications.