“If you’re not happy with your mobile network, it’s never been simpler to switch to a new provider.” This is the message on Ofcom’s own website…

But while regulators like Ofcom aim to make life easier for consumers, is the ideal of hassle-free switching perpetuating a fraud that’s having devastating effects on its victims? And as a fraud that crosses industry borders in terms of telecoms, banking and social media, are we doing enough to put the safeguards and checks in place to prevent fraudsters from hijacking our phone numbers, wreaking havoc on our social media profiles and emptying our bank accounts, all in a matter of minutes?

SIM swap fraud, also known as SIM jacking, has seen a colossal rise of 400% in the last five years. This can amount to losses of between $3000 and $6000 per victim, with high-profile cases, including celebrities, seeing losses in the millions of dollars.

As well as emptying bank accounts, criminals have recognised the value of social media accounts, often employing aggressive tactics to extort ransom money from victims on the threat of deleting accounts or selling them off. With many businesses dependent on the audiences from their social media profiles, losses can be hugely damaging. For those in the public eye, account takeover can also be embarrassing, particularly if you run a tech company. Such was the case of Twitter CEO Jack Dorsey, who in 2019 lost control of his Twitter account through SIM swap fraud.

This kind of account takeover fraud revolves around criminals obtaining your personal information, often from social media profiles, phishing emails or stolen data. Armed with your personal information, they trick call centre operatives into thinking they’re talking to the legitimate account owner, persuading them to switch your number from the SIM (subscriber identity module) inside your phone to one inside their handset. The result is that you lose your phone number to the fraudsters and your handset is rendered useless.

Now in control of your phone number, the criminals receive all calls and text messages intended for you, including the one-time passcodes used to authenticate and access your personal accounts such as social media, banking, email accounts and so on.

SIM swap fraud all too often takes advantage of a failure in procedures at a human level, and a lack of checks and safeguards to ensure that call centre operatives cannot be duped by experienced fraudsters. Moreover, the lack of procedures has encouraged insider fraud, where staff themselves accept bribes from criminals to illegally process SIM swaps to gain access to sensitive accounts.

For the most part, telcos are unaffected by SIM swap fraud, with the consequences hitting the finances and social media accounts of victims. A lack of joined-up thinking between telcos, regulators, the banking sector and social media has provided opportunities to fraudsters, leaving consumers not just out of pocket, but unsure as to where the responsibility lies and how to adequately protect themselves.

 

Efforts to counter this type of fraud have fallen short of the mark, remaining corrective rather than preventative, most often with compensation paid out by banks. What is required is to stop the completion of a fraudulent SIM swap request in the first instance, thus preventing the subsequent fraud.

Two-stage authentication has been widely adopted to confirm the identity of account owners on banking apps, email providers, social media and OTT streaming services. Nevertheless, this still leaves a gaping hole in the face of SIM swap fraud. Authentication that directs its messages to a phone number has little in the way of safeguards following an illegal SIM swap, and continues to blindly forward verification messages to the fraudsters in control of the phone number.

As with many frauds, SIM swap is time critical: once a swap has been executed, it can take just minutes for criminals to access sensitive accounts. Two-stage authentication has been almost entirely overlooked by telecoms, where in fact it can be utilised as an extra layer of security at the signalling level. From within the core network, two-stage authentication can be used to identify when a SIM swap is in progress and establish the legitimacy of the swap request, red-flagging suspect swaps before finalising them and preventing the subsequent fraud.
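A sketch of the hold-and-confirm idea described above, added here as an illustration and not Squire Technologies' product code: a swap request stays pending until the SIM currently provisioned for the number answers a one-time challenge, and a wrong, late or missing answer red-flags the request instead of completing it. The `SwapGate` class, the `send_to_active_sim` callback and the 10-minute window are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass

CONFIRM_WINDOW_S = 600  # assumed policy: seconds the active SIM has to answer


@dataclass
class SwapRequest:
    msisdn: str
    new_iccid: str
    requested_at: float
    challenge: str
    state: str = "PENDING"  # PENDING -> APPROVED or FLAGGED


class SwapGate:
    """Holds SIM swap requests until the currently provisioned SIM confirms."""

    def __init__(self, send_to_active_sim):
        # Hypothetical callback: delivers text to the SIM provisioned right now.
        self._send = send_to_active_sim
        self._requests = {}

    def request_swap(self, msisdn, new_iccid, now):
        code = f"{secrets.randbelow(10**6):06d}"
        self._requests[msisdn] = SwapRequest(msisdn, new_iccid, now, code)
        self._send(msisdn, f"SIM swap requested. Confirm with code {code}")
        return self._requests[msisdn]

    def confirm(self, msisdn, code, now):
        req = self._requests.get(msisdn)
        if req is None or req.state != "PENDING":
            return "NO_PENDING_REQUEST"
        in_time = now - req.requested_at <= CONFIRM_WINDOW_S
        ok = in_time and hmac.compare_digest(code, req.challenge)
        # A wrong or late answer is red-flagged for manual review, never retried.
        req.state = "APPROVED" if ok else "FLAGGED"
        return req.state

    def sweep(self, now):
        """Flag requests nobody answered, e.g. a genuinely lost handset."""
        for req in self._requests.values():
            if req.state == "PENDING" and now - req.requested_at > CONFIRM_WINDOW_S:
                req.state = "FLAGGED"

    def may_provision(self, msisdn):
        # The new SIM is activated only after an APPROVED confirmation.
        req = self._requests.get(msisdn)
        return req is not None and req.state == "APPROVED"
```

A flagged request is not a refusal: it routes the caller to stronger identity checks, which is also the path for a customer whose handset really is lost and cannot answer the challenge.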

As increasing numbers of consumers opt for second-hand and refurbished handsets, driven by the high cost of new phones, so the number of people requesting to swap their SIMs will grow. With more SIM swap requests being made to call centres, it will be crucial that telecom operators have robust processes at every level of their business to counter fraud.

Successfully combating SIM swap fraud and other types of network fraud takes a multi-layered approach, in which signalling can play a crucial role.

As signalling and protocol specialists, Squire Technologies develop innovative solutions to combat telecoms network fraud. To find out about these, including our MavenShield fraud prevention solution and Prism network monitoring probes, visit www.squire-technologies.com
