These SIM Swap scams....how worried should we be??
Options
Comments
-
It's easy to know your number and know who that is with.
Numbers that have not been ported are stuck with the provider it was allocated to.
To me this is quite worrying that the mobile providers are moving numbers to new SIMs without following the correct checks. If someone manages to get your phone number then they could reset your banking or log into your google account hitting your emails and it just keeps going.
I am not worried about it.. I think that the industry will see quickly that transferring numbers without a lot of proof or warning is a bad thing. Perhaps they should send out several text/emails warning that is it being moved.
There's a lot of work that goes into this type of thing, so I would imagine that people hit by it will be quite low - hundreds of people, not thousands.0 -
Funny how the reported frauds are for many thousands, why would anyone keep £10,000 say in TSB when they only pay 5% on £1,500 and the monthly saver total couldn't be much over £3,000?
So the fraudster knew someone would have a £29,000 payout coming in to their account? Good timing!
Or the fraudsters have time to set up a big loan and the account holder doesn't realise until they watch it leaving the account in real time. Good timing again!
The truth is out there but Im not sure where.
Am I worried? Yes but Im still leaving money in TSB because something doesn't sound right about all these supposed frauds.0 -
You say that, but there's a lot of people out there that do just have the one bank account and keep all their money in that.0
-
Wow, that's a little easier than I thought. I use fake answers to all of my security questions and this gives me a little more validation that I'm doing the right thing.This being obtainable (for anyone born 1911-1982 approx) in seconds to anyone capable of typing "f r e e b m d dot o r g dot u k" into a web browser. The exact date of birth can be obtained by applying for a certificate, and details for people born after 1982 are freely available on other sites.
There is absolutely no excuse for any organisation to still use mother's maiden name as any kind of 'security' question. (and if you are asked for this, don't use the real one)0 -
That's just it, if the fraud is for many thousands, it's widely reported - that's what I'd expect. No doubt there are lots of smaller frauds and many more attempted frauds that we don't hear of.Yorkshire_Pud wrote: »Funny how the reported frauds are for many thousands, why would anyone keep £10,000 say in TSB when they only pay 5% on £1,500 and the monthly saver total couldn't be much over £3,000?
So the fraudster knew someone would have a £29,000 payout coming in to their account? Good timing!0 -
Not very.
Why is it an issue?0 -
Yes, I am a bit lost myself.
How exactly can my SIM be swapped and then someone reset all my banking credentials?
Surely I would notice if my mobile phone stopped working.
The various articles on this and other frauds are always written for maximum effect and leave unanswered so many questions.
I agree with what has been said above.
In order for this to happen, the fraudster first has to obtain the new SIM which would almost certainly involve interception of post or production of fake photo ID in a store.
Even if the SIM was somehow swapped, how does the fraudster then obtain info regarding the bank accounts? How do they even know which bank let alone username, password etc to log in?
Why does the victim never realise when their phone stops working for an extended period?
Why do these victims have so much money in their accounts just waiting to be stolen?
These victims MUST be giving away this information somehow.0 -
Yes, you'd be able to notice as you'd lose cellular connectivity. If this ever happens, then you'd need to act quickly to contact every organisation that sends you authorisation codes by SMS.Yes, I am a bit lost myself.
How exactly can my SIM be swapped and then someone reset all my banking credentials?
Surely I would notice if my mobile phone stopped working.
Unfortunately victims tend not to realise what's going on - they naturally assume their network provider is having problems, not that someone has taken over their mobile number.0 -
You misunderstand what is meant by the term SIM swap.The various articles on this and other frauds are always written for maximum effect and leave unanswered so many questions.
I agree with what has been said above.
In order for this to happen, the fraudster first has to obtain the new SIM which would almost certainly involve interception of post or production of fake photo ID in a store.
It isn't that a physical phone SIM is intercepted. SIM swap is a service provided by mobile phone networks to keep your phone number when you sign up with a new provider. People like to keep the same number when they change provider and that is where this service has come from.
A SIM swap attack usually starts with the fraudster calling the network provider pretending to be a customer (or breaks into the customer's online account) to request a PUK code (Personal Unlocking Key) PAC code (Porting Authorisation Code) that enables them to sign up a new account and transfer the mobile phone number. Phone providers have been subject to regulation in order to remove as many barriers to customers switching provider as possible, and this had probably made it easier for the fraudsters.
Once they have this code, transferring the victims phone number is a fully automated process with no checks in place to prevent fraud,
Information required to convince customer services that they are the customer can be obtained from public databases, illicit databases of personal data and security breaches. With so many companies having had data breaches, there's a lot of information out there. People also post a lot of personal information on their social media accounts. If you are careful and keep things private, you probably have little to worry about, especially as you won't be liable for any losses.
I mentioned ways in which fraudsters can get hold of information about the victims bank account in post #4 above.Even if the SIM was somehow swapped, how does the fraudster then obtain info regarding the bank accounts? How do they even know which bank let alone username, password etc to log in?
Why does the victim never realise when their phone stops working for an extended period?
Why do these victims have so much money in their accounts just waiting to be stolen?
These victims MUST be giving away this information somehow.
In the post linked below, I discussed how, armed with just the victims full name, date of birth and either their username or account number, the fraudster can use a SIM swap attack to reset the customers password and memorable information on Lloyds group (and TSB) accounts:
https://forums.moneysavingexpert.com/showthread.php?p=74330288
You are right that people are giving away this information and there are surely plenty of cases of people being careless with what they broadcast to the world. Unfortunately, in other cases they are just giving it away to companies with whom they do business and which store it insecurely.0
This discussion has been closed.
Categories
- All Categories
- 343.2K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608K Mortgages, Homes & Bills
- 173.1K Life & Family
- 247.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards