Just when you thought you were getting the hang of making sure you lock your computer screen at work, changing your passwords regularly and making sure not to click on any dodgy links emailed through to you, you see a headline in the news that looks something like this “SIM-swap scammer nabbed for stealing $5 million...” You feel a lump in your throat and you slowly turn your head in the direction of that one device that never leaves your side.
This device which you hold so dear, with all your conversations, memories and for some, your passwords in “notes” (If you are reading this and nod your head in agreement, please delete those passwords and remember them!). Your device can be subject to a cyber-attack. Malware can be deployed on your phone through third-party apps you download. Other attacks related to mobile devices include SIM swap fraud, scammers calling you acting as your service provider doing a “fraud check” needing you to read out the logon code sent to the device or sending ransom sms’s demanding payment. These are all very real examples of ways in which cyber criminals are trying to steal your money.
One of the examples mentioned above is SIM swap fraud, this form of attack is a sophisticated form of fraud that allows hackers to gain access to bank accounts, credit card numbers and other personal data.
As with any form of attack, cyber criminals lay a foundation before conducting the said SIM-swap. They need to collect as much personal information on you as possible to make this work. Fraudsters might send phishing emails impersonating real businesses. The motive behind this is to trick you into giving them your personal information like your full name, birth date, addresses and phone numbers. Many people still can’t tell the difference between a phishing email and a real one and this is what the fraudsters rely on, especially if they make it look almost identical. Otherwise, they will use public websites, social media, and data scrapyards from criminals who specialise in collecting personal data to retrieve information on you to pull off a successful attack.
Attackers can perform the SIM swap from your provider. Using tactics such as social engineering or sweet talking the cell phone company’s representative. An eager/susceptible representative will often gladly help without any hesitation! Since the attacker uses the information they have collected to convince the representative of who they are (or are not) and explain that the sim was stolen, damaged or lost, how could the employee wanting to help the customer not provide them with a new SIM or more correctly…YOUR SIM.
Once a fraudster has the new SIM card they often target bank accounts. Almost all banking customers have their cell phone numbers linked to our accounts. It’s how you receive your OTP (One-time password) to change a password or pay a new beneficiary. Attackers will now get all your SMS’s.
Now that they have access the attacker will start to siphon your funds without you knowing that it is happening. This is because it is hard to detect SIM card fraud before it’s too late. You will only notice when you consistently do not have connectivity. If you can’t make or receive calls, contact your service provider immediately to find out whether a SIM swap has been processed.
Here are a few steps to take in order to curb the chances of you becoming a victim:
- Avoid revealing too much personal information online.
- Find out what alerts can be set up with your bank or phone company to identify any attempts to access your accounts.
- Enable two-factor authentication.
The key is to be vigilant in order to identify changes which could alert you to an impending attack.
Attackers will use anything at their disposal to rob you.
We are here to help and have exciting new ventures that will assist not only your corporate cyber life but your home cyber life too, watch this space.
From your Resident Millennial here at J2 Software #Letsgetreal
Olivia Hannah Coetzee
Image via techlicious.