SIM swapping, sim hijacking or e-sim phishing enables a fraudster to trick a mobile carrier into transferring a number that’s potentially causing people to lose control not only of social media, but bank accounts and other sensitive information. The SIM card inside your phone is a small plastic chip that tells your phone which cellular network to connect to, and which phone number to use.
This type of attack targets a weakness in two factor authentication via text message to validate access to an account, which has become a popular break-in method in recent years.
These days as most of us have our phone numbers linked to our bank, email and social media accounts, it is easier for a person with access to a phone number to take over the person’s entire online presence.
Last year, despite considerable security precautions in place, Twitter chief executive Jack Dorsey became the victim of an embarrassing compromise when attackers took control of his account on the platform by hijacking his phone number.
related news
With the ongoing coronavirus pandemic, cases of e-phishing are on rise as most of the services have become digitalized. For instance, in August this year Haryana’s Faridabad caught a new phishing racket that they suspected had been used to access over 300 nationalised and private bank accounts across five states — Punjab, Haryana, Bihar, West Bengal and Jharkhand.
How do criminals execute this fraud?
One needs One Time Password (OTP), Unique registration number (URN), 3D secure code etc when carrying out an online transaction.
As this information is provided through the registered phone number of users, SIM swap fraudsters send phishing mail impersonating credit card companies, health insurers to take out personal information like legal names, dates of birth, addresses, and phone numbers of their targets.Criminals also collect personal data of the users from social media platforms and then call the mobile service provider of the victim and request a new SIM claiming they have lost mobile handset, or got a new handset or damaged SIM card.
Using the personal data of their target, fraudsters convince the customer care executives that it’s the user and a new SIM card issued for the registered mobile number of the person.
After issuing a new SIM card, the mobile service providers deactivate the old one, which in SIM swap fraud case, is with the customer or victim. After gaining the access to the victim's phone number, they target their bank accounts. As most banking services like money transferring among others require One Time Password or OTP, fraudsters use the access to mobile number for carrying out financial transactions without the victim getting any alert on their phone.
What you can do to avoid becoming a victim
>> It’s important to be vigilant about the personal information you reveal to others. Avoid making your phone number public on social media sites
>> Consider your mobile network to be the first warning signal. If you don’t have a network on your mobile and have not received SMSes for a substantial amount of time, check with your service provider. Some service providers even send text alerts before a SIM swap, which means you might have to take SMSes sent by your service provider more seriously.
>> If your bank offers SMS and email alerts for all your banking activities, then opt for both the options. Keep a regular check on your bank statements.
>> The 20-digit SIM number mentioned on the back of the SIM card is crucial. Never share it with anyone.
>> Consider avoiding your phone number as a recovery option for your passwords and account. To access information such as personal identification numbers use another email ID, which is not linked with your phone number."avoid it" - Google News
September 13, 2020 at 05:44PM
https://ift.tt/2ZPebxR
SIM swap fraud: What is it, how you can avoid it and other questions answered - Moneycontrol
"avoid it" - Google News
https://ift.tt/3844a1y
https://ift.tt/2SzWv5y
No comments:
Post a Comment