Crooks still pulling off SIM swap trick despite security clampdown: Internet Scambusters #916
SIM swapping -- switching a victim's phone number to a scammer's new phone -- is still happening, despite efforts by cell phone service providers to clamp down on the crooks.
In this week's issue, we'll explain how the scam works and what you can do both to avoid it or respond if you get caught.
We also have news of three new scams connected with the Coronavirus (Covid-19) pandemic.
Let's get started...
5 Actions to Avoid SIM Swap Scam + Latest Covid Scams
Since most of us use smartphones these days, mobile security has become a key part of responsible phone ownership, especially in the age of the SIM swap.
For the few who maybe don't know, SIM stands for Subscriber Identity Module; it's the chip issued by a cellular service provider. It slips into the side of a phone and links it to the provider. But because it's removable and swappable, that also makes it a security risk.
Scammers have developed a clever way of stealing your SIM identification so they can make calls that you pay for -- and do a lot more.
According to a study published earlier this year, fraudsters are hauling in thousands of dollars by tricking users into circumventing the security restrictions introduced by most service providers.
"The practice of SIM swapping is becoming more common, and despite carriers putting safeguards in place, it's scary how quickly the (study) researchers were able to take over a phone number," says online tech site CNET.
It's a relatively simply trick. The scammers contact your service provider pretending to be you. Usually, they have quite a bit of personal information, bought on the black market, which they can use to mimic your identity.
They tell the provider they want to switch your number to a new phone. If they can convince the provider, that's all they need do to take control of your number.
These days, however, many providers have started texting a number to the original phone as a security precaution before they make the transfer.
Latching on to this, scammers contact the victim before all this happens, posing as the service provider, and saying that for security reasons they will be texting a number to the owner, who must then phone them back on a provided number to give them the code.
Hey presto. The scammer can now recontact the provider with the code number and, again, get control of your account.
"At first glance, it seems somewhat harmless," says CNET. "But when you consider that most of us have our phone numbers linked to our bank, email and social media accounts, you quickly begin to see how easy it would be for someone with access to your phone number to take over your entire online presence."
It even wrecks some elements of two-factor authentication (2FA), the security that many of us have in place to double check our identity after we've entered a password. That's because many sites text the 2FA codes directly to the now-compromised phone number.
So, what can you do to avoid the SIM swap?
Steps You Can Take
- Limit the posting of personal information online, especially your cell phone number.
- If possible, use bio-identification -- a fingerprint or facial recognition -- as your secondary authentication on your phone, or an app that requires a master password before it yields the SFA.
- Then, use second or multi-factor authentication on every account you can.
- Set up a Personal Identity Number (PIN), if you don't already have one, with your service provider. Anyone who tries to swap a SIM should normally be asked for this. Don't use the last four digits of your number or your birthday though -- scammers may try this.
- If you receive a call about a security code that's supposedly being texted to you, don't provide it to an incoming call or use a number provided in the message. Instead, phone your service provider direct.
If you do lose service on your phone, contact your cellular provider immediately. Unfortunately, that's only the start. You will have to change your passwords -- and that's if the scammer hasn't already done so, in which case you'll have to contact each account provider to rectify it.
Also, frequently check your financial accounts to see if there's been any unusual activity. If there has, notify the bank or card company.
SIM swaps are getting tougher thanks to increased security by service providers. But, sadly, that doesn't take into account some customers' gullibility. Follow our tips and you'll slash the risk of getting caught out.
More news this week of a fresh batch of Covid-19 scams:
- Students are receiving fake messages that appear to come from their college, offering work-from-home jobs that are supposedly available because of the pandemic. It's mainly an advance fee scam in which the victim receives a counterfeit check they have to bank and then wire cash to the scammer before the check is exposed as a dud.
- The FTC has filed suit against a marketing firm that allegedly sent out fake stimulus checks, with a message describing it as a "Covid-19 auto stimulus." It's not a real check says the FTC, just a promotion for a car sales event. Read about it in this article: They use a COVID-19 pitch to sell WHAT?!
- The Internal Revenue Service (IRS) is warning that scammers are increasingly using terms like "coronavirus," "Covid-19," "stimulus," and "pandemic" in their efforts to get victims to give up personal information.
The agency says it "will not call, text, email or contact you on social media to ask for personal information or banking information."
Time to conclude for today -- have a great week!