Phone customers do it all the time for perfectly legitimate reasons. Unfortunately, so do cybercriminals, and for all the wrong reasons. This article explains both sides of SIM swapping and how Infobip can help protect you, your business, and your customers from external threats.
Why do people SIM swap?
There are plenty of reasons why you would SIM swap. Say you’ve lost your phone or bought a new one – but your old SIM card doesn’t fit. Or maybe your SIM card got damaged, or you got a better deal with a new operator. When done for reasons like these, SIM swapping is entirely legitimate.
Thanks to SIM swap and mobile number portability services, your phone number sticks with you for years, even decades. You don’t need to go through the hassle of alerting everyone that you’ve changed your phone number; you simply get a new SIM (or in telco lingo: port your number) to another operator and carry on with your life.
These are the two most important reasons why most (if not all) of your accounts are connected to your phone number. The time of phones serving only as a means of communication is long gone. Today, you use your phone to contact and store email addresses, bank accounts, social network accounts, cryptocurrency accounts – just about everything about you.
Each of these accounts likely offers you two-factor authentication, which relies on your phone number. This helps keep you and your information safe. In practical terms, this means that a single, publicly available piece of information is used for your identification and verification.
Security has played a very important role since the dawn of our digital era. Nowadays, people spend an average of 24 hours online each week – twice as long as they did a mere 10 years ago. One in five adults even spends as much as 40 hours a week on the web. This means that if you’re an average adult, you’ll spend that much time on your phone shopping, streaming content on your morning commute, or banking.
What is identity theft, and why should you care?
Now, imagine someone steals this ability from you. Cybercriminals make a living out of knowing how to do this, and they’ve been doing it for years. Somehow, companies don’t seem interested in catching up.
Identity theft occurs when an imposter gains access to your personal identifying information (PII) and uses it for their personal gain and exploitation.
There are plenty of stories about scammers taking advantage of SIM swapping with malicious intent. These stories are all, without exception, scary. More and more of these stories come from normal everyday people like you.
Not too long ago, this was a concern reserved mostly for people with a lot of money on their accounts. This situation has changed.
Fraudsters are diversifying their portfolio and mitigating risk by taking over the accounts of regular people, like you and me, even our kids. Children are easy targets for identity thieves because they don’t use their own credit cards and likely wouldn’t notice any discrepancies until they reach adulthood.
In under 30 minutes, fraudsters can swap your SIM card and take over your accounts, transfer your money to themselves and take away your life savings. And they won’t stop there – they’ll take your entire identity.
How cybercriminals commit identity theft without you knowing it
Fraudsters do this by taking advantage of SIM swapping. By using a completely legitimate process, cybercriminals can get access to all of your accounts. Illegitimate SIM swapping consists of three main steps:
- Social Engineering – The art of deceiving people into giving up confidential information. The type of information these criminals are after can vary, as can the methods they employ to gain said information; but it all boils down to gaining access to your passwords and personal data. Scammers will often follow your activity on social networks and get to know everything about you – including the street you lived on, the name of your first pet, and who your best childhood friend was.
- SIM swap – You may be asking yourself how someone can access your SIM card, and the answer is – quite easily. By doing their homework and collecting your info, they can simply call your mobile operator pretending to be you. They already know your full name, birthday (remember all those Facebook posts?), your pet’s name, your kids’ names, your address – just about anything they need to trick someone into thinking they’re you. If they’re not skilled at acting, they can bribe someone at the store to give them a copy of your SIM card. And just like that, you’re no longer the sole owner of your mobile phone number. Every One-Time PIN, every login, every verification and identification process can now be seen by the imposter fraudster.
- Fraud – The final, ultimate step in this process is performing a fraudulent act. By receiving your one-time-pin, or any other mobile-phone-related verification method, the fraudster can easily access your email and change your address.
By step three, it’s too late for you and your data.
How Mobile Identity keeps you safe from identity theft SIM swapping
This is why Infobip’s Mobile Identity SIM swap solution kicks in at step two. By checking for any changes to your IMSI (International Mobile Subscriber Identity), Mobile Identity can confirm the mobile account activation date.
This means that if the SIM card was recently activated, the service provider being targeted by the scammer who has stolen your SIM will be immediately notified and able to take fast action. Fraud usually happens at night when you’re sleeping and not looking at your phone, which makes the ability to act quick incredibly important.
Download our white paper
Mobile authentication keeps you and your customers, as well as their accounts, protected. To find out more, download our white paper, “Mobile Authentication: The Future of Mobile Security and User Engagement”.