photo by:

Sim Swap Fraud

Sim Swap Fraud
The following information was recently circulated by Police Scotland

Police Scotland is warning members of the public to be aware of a fraud which has recently resurfaced. A local resident was victim to a mobile telephone SIM fraud which resulted in the loss of a four figure sum of money. This is often referred to as SIM swap, SIM split or SIM interception attack.

The first thing that can alert a victim of this type of fraud is that no service is available on their mobile telephone. The fraudsters bank on the fact that the owner of the mobile telephone does not question this for some time allowing sufficient time to commit the fraud. Only when contacting their respective service provider they discover that their number has been changed claiming a lost or damaged phone was the reason for the new SIM being issued.

Action Fraud provide the following information and advice:

Fraudsters in the UK purchase victim’s personal details that are obtained through the spread of Trojan malware. Victims detail packages are purchased from overseas criminals specialising in the collection of compromised personal data to sell.

Specific data is extracted, namely online bank account details and statements. Using the victim’s banking details to gain telephone access to the bank account; the fraudster then opens a parallel business account in the victim’s name. Opening a business account is subject to less stringent security checks once an individual already has a current account with a bank and helps make any transfers of money in the future less suspicious.

Details of the victim’s mobile phone, again extracted from the purchased personal data package, are then passed to an individual who specialises in the SIM Split step.

This SIM Splitter then:
•Uses the bank statement obtained through the hacking to establish the mobile network the victim belongs to;
•Uses open source searches using the victim’s details to ascertain potential answers to security questions;
•Uses open source searches to establish the mobile phone network provider;
•Obtains a blank SIM card, either through an insider at a phone company or by purchasing one;
•Contacts the phone provider and tells them that the mobile phone has been lost/damaged;
•The new SIM card is activated while the victim’s is cancelled;
•Contact details and security questions may be changed with the phone provider as to further frustrate and hinder the victim from reporting the fraud.

As soon as the SIM card is activated the SIM Splitter contacts the fraudsters and tells them to transfer funds from the victim’s current account into the newly set up business account.

As a security measure the banks will often make a call or send a text to the phone number registered to the account to confirm if the transaction is genuine. The SIM Splitter agrees to the transfer when contacted and disposes of the SIM card afterwards so not to be traced.

The fraudsters can then withdraw or transfer funds away from the business account with a lower level of scrutiny whilst maintaining a certain level of access and control of the account with the stolen details.

Please click on the following link for information on how to protect yourself against fraud:

Feel free to forward this information onto any friends, family or colleagues.cottish Borders)