SIM Swapping

All you need to know about

SIM Swap Fraud

What is it and how to prevent it?

SIM Swap
Get A Copy

Intro

Though SIM swapping is a relatively new form of mobile fraud, only dating back as far as 2013, it has become increasingly popular with fraudsters in the UK and around the globe. So much so, that the US Fair Trade Commission noted an increase of 150% in the number of SIM swap offences between 2013 and 2016, and figures for the UK suggest an increase of 60% between 2016 and 2018.

What is SIM Swap?

A SIM swap - also known as SIM porting - is not inherently fraudulent. Telecom providers created this process so that consumers could easily move an existing phone number to a new SIM card. This is helpful in cases where consumers are upgrading to a new phone or replacing a damaged or lost SIM card.

Screenshot 2019-07-15 at 09.57.11

Because this is a data sensitive process, consumers are required to contact their provider, answer questions, and provide account information that verifies their identity before the provider will authorize the SIM Swap.

 

One of the main attractions of SIM Swapping is the simplicity of it. All criminals have to do is to gain some personal information about their potential victim from social media or via a targeted phishing scam or cyber-attack. They then use this information to bypass the security measures of the victim’s mobile operator, and request that their number is ‘swapped’ to a blank SIM. This can be done by phone, or face-to-face in a high street store.

 

Once the number has been swapped to the new SIM, the victim’s SIM will be blocked, and scammers will have access to all of their contacts and messages. This could include password reset links and login codes that are sent via SMS to access online banking and other accounts. This is what allows criminals to commit more sophisticated criminal activity, such as theft and identity fraud. What’s more, criminals behind SIM-swap attacks will often sell the personal details they have on their victims on to the dark web, leaving them vulnerable to further attacks in the future.

Screenshot 2019-07-15 at 10.02.08

Many of the major mobile operators in the UK have fallen foul of SIM Swap fraud, as have some of the biggest high street banks. Notable cases of SIM swapping that have made headlines over the past few years include individuals having lost thousands of pounds within the space of an hour, losing all their savings in seconds, or having massive loans taken out in their name.

Why is SIM Swapping on the increase?

Aside from SIM swapping being a relatively easy score for scammers, it is hard for authorities to trace the culprits. Many of the incidents in the UK are thought to be the work of crime gangs operating on the dark web, which is notorious for its anonymity. Tracking these gangs down has so far proven to be very difficult.

 

Social media also has a hand in helping criminals. By monitoring online social activity, it’s easy to identify high value targets, as well as find out personal information that can be used to help answer commonly asked security questions used by mobile operators and banks, such as the name of your first school, first pet or mother’s maiden name.

 

Finally, and perhaps most importantly, smartphones have evolved from being a convenience to an essential part of everyday life for many of us. It is common for people to have their mobile number linked to their bank account and to use 2 factor authentications when logging in to everything from mobile banking to social media and retail accounts. By stealing someone’s mobile number, you can now gain access to many areas of that person’s life, including their financial portfolio.

 

Read our FPS blog to learn more about why SIM Swapping is on the rise.

Blog SIM Swap LinkedIn Img@4x

The risks of SIM Swap Fraud to Financial Institutions

The number of people who own smartphones is expected to grow from 2.1 billion in 2016 to 2.6 billion by the end of 2019 - roughly a third of the world's population. According to a survey by Statista, 94% of adults in the UK own a mobile phone. And each of these phones provides an access point into the sensitive areas of a person's life.

 

Customers of financial institutions such as banks are generally at the highest risk for SIM swap fraud since this is quite literally "where the money is".

 

Successful SIM swap operations can make it easy for hackers to obtain things like verification codes and account information, giving criminals a discreet and simple entry point into a person's finances.

 

On the consumer end, there is little a person can do to avoid being a victim of this form of fraud. Instead, it is up to banks, businesses, and mobile operators to prevent this form of fraud from taking place. Fraudulent attacks not only put consumers in jeopardy, but they can also damage the reputation of trusted institutions.

How SIM Swap works?

Here is a rundown of how SIM Swap fraud pans out in practice, to help you know exactly what to be vigilant of.

1. The initial port

The first step in a case of SIM Swap fraud is the initial port. This is when the hacker first moves the victim’s phone number onto a mobile device in their control. But how is this achieved?

 

Like we mentioned in the beginning, in order for a legitimate SIM Swap to be authorized, a consumer has to first verify their identity to their mobile carrier. This is required before giving anyone is given the ability to move a number to a new SIM.

 

Unfortunately, this is not a fool-proof way to ensure that only the SIM owner can swap their phone number. So long as the hacker has sufficient information to pass the verification tests (it could even be as simple as having the answers to security questions or a four-digit PIN) they can get permission to port a number to a new SIM. All the victim will experience is a lack of cell service, which might not even be noticed if the victim is asleep, at work, or using a WiFi instead of mobile data.

 

2. The hacker gains access to a primary account

Once the hacker has the phone number, they’ll generally move on to cracking into a valuable account as quickly as possible. Most accounts with financial resources tied to them require more than a reset password link or 2FA code to access, though. So, in order to gain access to one of these accounts, the hacker will likely start with a primary account.

 

An example of a primary account would be a Google account, Apple account, or an email that the rest of a person’s accounts are tied to. With access to one of these primary accounts and a person’s phone number, the hacker can fairly easily get into the rest of the victim’s online accounts.

 

3. The attacker gains access to an account containing financial resources

Now that the hacker has access to the victim’s primary account, gaining access to the rest of their accounts is relatively simple. All they have to do is go through the password-reset process for the accounts they want to hack into, follow links, and copy verification codes. Once they’ve done this, they’ll have direct access into an account that is tied to the victim’s finances - generally a bank account.

 

From here, it’s not too difficult to imagine what happens. The victim’s funds are moved into the hacker’s accounts, withdrawals are made, desired goods are purchased, and so on.

Not only does the victim lose some or all of their finances at this point, but they also have lost access to their most valuable online accounts. Recovering these, without their phone number or email address, can be difficult - if not downright impossible.

 

4. The victim realises what has happened

It might take a few hours, maybe even a day, but at some point the person affected by a fraudulent SIM swap is going to realize that they no longer have access to cellular data or their most valuable online accounts. None of their passwords work, they can’t check their email, and their credit cards are suddenly being declined everywhere.

 

All they can do at this point is contact their telecom provider and their bank and see what can be done, if anything.

 

Check the infographic below to see the detailed timeline of SIM Swap and visually understand what happens within the fraudulent period.

SIM Swap Timeline Cover

 

How to detect SIM Swap?

While SIM Swap fraud is a serious threat to consumers, it is largely preventable on the business and mobile operator end. Banks and other financial institutions can take measures to protect their customers and their own reputation from the risks of mobile fraud. These precautions include tightening the restrictions on their processes and choosing to operate through security-oriented telecom providers.

 

One of the most valuable security assets that a bank has at their disposal is the amount of information they have for each of their customers. Any information you have can be used to verify someone's identity. And while a lot of this data can be phished from unsuspecting consumers, some of it is much harder to fake.

 

An example of this in practice is when a payment card is auto locked after being used in a location far away from the individual's normal routine. Whilst someone that is fraudulently using the card may be able to obtain the legitimate cardholder’s name, and pin, a suspicious change in location can be a telltale sign that the card isn't being used by its intended owner.

 

 

FPS Reducing the Risks of SIM Swap Fraud White Paper Cover-1

The same kind of logic applies to preventing mobile fraud. By working closely with mobile networks, you can use information like an individual's SIM card information, brand of mobile phone, and typical behaviour to verify a person's identity - even after they've had their SIM swapped.

 

To learn more about how to reduce the risks of SIM Swap Fraud, download our white paper.

 

How JT helps preventing SIM Swap Fraud?

JT is a global telecoms provider dedicated to providing companies with unique connectivity solutions through mobile networking and emerging technology. Security is at the forefront of our mission. Our services are designed to prevent mobile fraud before it ever happens, keeping consumers safe and preserving the reputations of businesses around the world.

 

Smartphones are expected to overtake credit and debit cards as the preferred payment method by 2020. Other studies have shown that at least 65% of fraud transactions occurred on mobile devices. It's clear that mobile devices are the future of finance for customers and fraudsters alike, and as such, the need for increased mobile security is greater now than ever before.

 

JT has created a set of platform-based solutions, providing universal connectivity via a suite of APIs, specially tailored to meet the needs of financial institutions, providing them with the resources they require to keep their customers' data safe. JT's platform-based service acts as an intermediary between a consumer and their bank, providing real-time information that can be used to create a scoring profile within those institutions to enable banks to check for inconsistencies in their client profiles.

 

Alongside providing clients with a forward-looking connectivity, JT’s solutions provide a suite of tools to detect irregularities and protect clients, that guards against several forms of mobile fraud, including SIM Swapping and call diversion – all driven from the same platform.

 

1. JT Monitor

JT Monitor is the first part of JT's mobile defense. It provides our clients with SIM level information, making it easy to tell if a SIM Swap has recently occurred. A baseline of SIM data is regularly compared against a SIM's current status, providing users with an insight into how high-risk a consumer is for having had their SIM swapped without their knowledge.

 

Screenshot 2019-07-15 at 10.02.08

 

For example, say a customer is attempting to access information or complete a transaction through their bank account. When partnered with JT, that bank can run the request through JT's Monitor system, which checks multiple variables to determine if a SIM is likely to have been swapped maliciously. If JT Monitor determines that the SIM has likely been compromised, it can relay this information to the bank, preventing the hacker from ever accessing any sensitive information or resources within the bank.

 

JT Monitor works closely with the JT Signal feature as well, which looks for potential call diversions on an individual's phone number - a strong indicator of fraudulent activity. Having these two features working in tandem allows banks to ensure customer safety in spite of the growing risk of SIM Swap fraud.

 

2. JT Signal

Call forwarding - also known as call diversion - is a form of mobile fraud that routes the phone calls intended for a specific number to another. This means that an institution trying to contact a customer could inadvertently be contacting a fraudster, without the institution's or the customer's knowledge. JT Signal is designed to automatically detect when a forwarded phone call is actually a diverted call and puts a stop to it immediately.

 

Screenshot 2019-07-15 at 10.02.27

 

The JT Signal product provides access to a set of APIs that works in conjunction with the JT Monitor product to detect fraudulent SIM Swaps. JT is able to determine whether or not a mobile is set to divert incoming calls.  If for example, an unconditional call divert is in place, this can be an indicator that a subscriber’s details may have been compromised, and this will be input to the fraud scoring models of the banks to calculate a level of risk.

 

As part of the JT Signal product line, the platform can measure other unusual behaviour that will determine whether or not a person's SIM is being used abroad, and if so, where. JT Signal is also capable of determining if a phone number is registered and active, preventing false or outdated information from being used.

 

3. JT Locate

JT Locate is JT's third set of solutions to enable businesses in their pursuit of combatting fraudulent activity. The JT Fraud platform can provide certain levels of information relating to the location of a subscriber’s handset which again are fed into fraud scoring profiles. Information determining the country a handset is in, which network they are roaming on, along with proximity based on cell tower information.

 

Screenshot 2019-07-15 at 10.02.49

The JT Locate product line, provides these elements of a handsets location to enable customers to determine key information with regards to a subscriber when reviewing account details or making a purchase. For example, if a customer was attempting to make a purchase abroad, their bank would be notified that they were accessing funds in a new location. The bank - partnered with JT - would then send this request through JT Locate's system automatically, which would determine if the subscriber’s handset is in the same country as the access for funds is being made. It would then relay the decision back to the bank, at which point the bank would approve or deny the transaction based on JT's response.

 

The benefit of the scenario described above is that it takes a safety feature that has existed in banking for several years now and further automates the process, making it more convenient for the customer and the bank. Rather than simply denying a person's transaction because it's in an unusual location, JT Locate can provide intelligence to the financial institution to make a decision on whether or not to approve the transaction. This means that customers can enjoy a better experience when banking abroad, and banks can rest assured knowing that their service is just as secure as before, if not more so.

 

FPS Overview-1

 

To learn more about JT Fraud Protection Services,

please check out our FPS product overview.

Or contact us through the below form.

Jump To Section:

Download a quick guide to how to reduce risks of SIM Swap Fraud:

How to detect and prevent SIM Swap Fraud?
SIM Swap Detection

Detect SIM Swap with JT today!