What is SIM swapping and why should you care?
Surely you already know what we are talking about! SIM swapping happens once you ask your existing or new mobile operator for a new SIM card to transfer your cell number there.
While many people and mobile clients do this for perfectly legitimate reasons, unfortunately, cybercriminals do it too – albeit for much darker reasons.
Why do people do SIM swaps?
There are various motivations that drive people to want -or have to change their SIM. Suppose your cell phone got damaged or, for one reason or another, you decided to buy a new phone, but your old SIM card doesn't fit in this new device, Or maybe your SIM card itself got damaged or you decided to change your mobile operator. mistress? There are many reasons -legitimate- that encourage the exchange of SIMs on a daily basis.
Thanks to SIM exchange services and the portability of mobile numbers, today it is possible to keep the same mobile number -with the same digits- for years, even decades. Luckily, it is no longer necessary to alert everyone you know when you change your phone or operator; just changing your SIM or transferring your number will suffice.
It is due to the above that, if you think about it, the vast majority of your accounts (banking, email, social networks, and more) are linked or connected to your cell phone number. In other words, the time when cell phones would only serve as a means of communication to answer and make calls is a thing of the past!
Additionally, it is highly likely that several of the previously mentioned accounts will improve methods to reinforce the security of your data, such as -for example- two-factor authentication, which is closely linked to the use of your mobile device as means of verification.
And it is that, without a doubt, security has played a very important role since the beginning of our digital age. People spend an average of 24 hours online each week, double what they did just 10 years ago. One in five adults even spends up to 40 hours a week surfing the web.
What is identity theft and why should you care?
Now imagine that all this exchange is done -in your name- by someone other than you.
Cybercriminals make a living knowing how to do this, and in fact, have been doing it for years. However, for whatever reason, some companies still don't seem interested in catching up on security to protect their customers from identity theft.
Identity theft occurs when an imposter gains access to your Personally Identifiable Information (PII) and uses it for their personal benefit and exploitation. Most likely you have already heard hundreds of scary stories about scammers taking advantage of SIM swapping with malicious intent. More and more of these stories are coming from ordinary people like you.
Not too long ago, this was a concern reserved mostly for people with a lot of money in their accounts. However, this situation has changed and now we can all fall prey to this type of fraud. The reason? Scammers are diversifying the profiles of their victims and thus mitigating the risk of being caught by taking over the accounts of ordinary people, like you or me.
For example, did you know that children are easy targets for identity thieves because they don't use their own credit cards and probably won't notice any irregularities or identity theft until they reach adulthood or come of age? ? That's how it is! Our children are now in the crosshairs of many foreign friends. In less than 30 minutes, scammers can switch your SIM card and take over your accounts to transfer your money and take away your life savings. But the worst thing is not the lost money, what is really worrying is the theft of your identity. Can you imagine having to be reported to Datacrédito or being involved in a serious legal accusation caused by third parties?
How can cyber scammers steal your identity without you even noticing?
Here are the 3 main steps involved in illegitimate SIM swapping:
Social Engineering: The art of tricking people into providing sensitive information. The type of information these criminals seek can vary, as can the methods they use to obtain that information; but it all comes down to gaining access to your passwords and personal data. Scammers will often follow your activity on social media and learn everything about you, including your childhood neighborhood, the name of your first pet, and even who your best friend was in school.
SIM Swapping – You may be wondering how someone can access your SIM card, and the answer is: quite easy. Having previously done extensive social engineering to collect all your information, these criminals can simply call your mobile operator posing as you. After all, they already know your full name, date of birth (remember all those Facebook posts congratulating you on another year of life?), your pet's name, your children's names, your address; and everything they need to make it seem that -in effect- it is you on the phone. Some are even capable of bribing employees within mobile operators in order to obtain a copy of your SIM card. And just like that, you are no longer the sole owner of your mobile phone number. Every unique PIN, every login, and every verification and identification process can now be seen by the impostor. In other words, just like that, you have been exposed and none of your accounts remain safe after the event.
Fraud: The last step in this process is to perform a fraudulent act. By receiving your unique PIN or any other verification method related to the mobile phone, the scammer can easily access your email and change your address. From then on, the possibilities of fraud are endless for whoever is now the owner and master of your identity within the digital universe. By this point, the scammer has already claimed victory.