Seamlessly porting a mobile number to another device as a form of fraudulent account takeover has been one of the biggest challenges for network providers in the first half of 2020. IT specialists from the country’s leading telcos have admitted that their subscribers are not fully aware of the basic precautions against modern theft, specifically SIM swap fraud.
Once the mobile number fraud is successful, your social media, banking, and gaming accounts can be compromised. Scammers have exploited the reality of national health issues to send fake messages and make deceptive phone calls. Every subscriber is exposed to this deceit, because it can slip in through even the simplest things that we do on our devices.
SIM-jacking a.k.a the SIM Swap Fraud
As a form of cybercrime, so-called SIM-jacking is a fraudulent takeover of another user’s account that mainly targets its two-factor verification. It takes place at the second step, where an SMS or even a call is made to a particular mobile number. Once the hacker successfully authenticates using the number that was sent, the owner will lose access to his or her number.
According to Smart Communications, there are individuals who take advantage of this cybercrime by trying this tactic (also known as SIM takeovers) with their customer service or retentions specialists. It is similar to a virtual form of ‘budol-budol’, where the hacker charms a user by citing the most recent or common transactions as the reason for their call or message. These fraudsters will lay out a history of transactions that supposedly took place on that number, regardless of whether it is true.
Social engineering is the primary method by which a hacker can claim your mobile number on another SIM card. In ordinary cases, the same process is used legally by representatives at the provider’s physical store, located in a mall or elsewhere, once a user has lost the device holding the SIM card because it was robbed or stolen. This process is also allowed when a subscriber is switching the network’s provided service to another device.
The clearest sign that you have been affected by the fraudulent activity is that you completely lose your network’s service on your gadget. You will also receive an SMS telling you that the SIM swap has been successful. It will also ask you to reach out to a customer service representative if you didn’t authorize changes to your account.
However, you will no longer be able to use your smartphone to contact anyone else, as the signal bars on the upper left part of your screen will have run out. For Smart subscribers, the hackers will ask you to send ‘GET PIN’ to 7927, as it will generate a one-time unique passcode to transfer your number to the new SIM card that they possess. Once the new SIM gets activated, the old SIM installed in your device will be deactivated.
Social engineering and how SIM-jacking becomes successful
The fraud starts with a subscriber’s own details being used against him or her through an email, a simple text message, or a phone call. Messages or calls sent to a subscriber are an attempt to collect the customer’s personal details, such as their email, address, transaction history, passwords, or even bank account details. Take note that these details are necessary before the transfer process between SIM numbers goes through.
Through social engineering, a subscriber is psychologically manipulated into divulging private information, in the data security sense of the term. Fraudsters use a ‘confidence trick’ that gives them access to these details before completing the process. These tricksters can take advantage of the step-by-step ‘four vectors’ of social engineering to be successful.
First, the SIM-hijackers will be using the ‘phishing’ method once they can target a victim. Subscribers will receive an email to warn them of a ‘malicious transaction’ made into their number that will force them to make the switch. This usually takes place from a week up to a day before the culprit will communicate with the subscriber.
Fraudsters will next make use of ‘smishing’, where a subscriber will receive multiple SMS messages. Through these, they further convince the subscriber that a certain transaction remains suspicious and will make them lose access to their current number. The messages will contain details such as the date and time as well as a certain amount, to persuade them to proceed with the switch.
The next step in their social engineering lure is called ‘vishing’, also known as ‘voice phishing’. It is a criminal practice that uses a ‘voice command’ to obtain the subscriber’s verbal agreement to the transfer of a number from one SIM card to a new one. The culprit resorts to this once the subscriber resists or does not respond to their emails or SMS messages. They use landline numbers to call their victims, which makes the call seem more like a conversation with a ‘legit customer service representative’.
Lastly, they proceed to their ‘impersonation’ scheme, where they pose as relatives, friends, or even a superior at the user’s workplace. They use a ‘pretext’ to create a scenario with a sense of urgency, so that the subscriber agrees to switch numbers. This raises the scammer’s chance of success, so they have to do their research before calling and texting.
One of the best-case scenarios that are rampant in 2020 is when a certain human resource person informs an employee to do the SIM swap as required by their company. Some account executives who possess a postpaid plan from a provider which are linked to certain bank accounts where company funds are deposited are.
Once the switch happens, hackers will now be able to access the online banking account of the company. Take note that once a password reset is requested, a four or six-digit verification code is sent to the number to legitimize the request. Hackers will now be free to transfer the funds from the company’s bank account into their own.
In countries like Nigeria and India, hackers are more likely to use the voice phishing method, as porting the number from one SIM to another is as simple as pressing the number 1 button on the device keypad. There are also incidents where employees of a network provider are bribed to make the transfer between SIM numbers, especially in the United States.
Technically speaking, the victim’s phone will instantly lose access to the network that the SIM card is linked to. The hacker’s SIM will now be the recipient of all voice calls and SMS that are meant for the victim. They will now be able to intercept all one-time verification passwords to circumvent the security measures of the network or the device itself.
Protect your SIM from hijacking: easy ways to do it now
There were documented incidents where SIM-jackers were recruited by retail companies to get access to the protected accounts of their users. This creates more sales and more subscribers on their behalf. Our mobile numbers were never created to confirm or legitimize a user’s identity or to permit any recurring transaction. This feature was imposed on our mobile numbers, as network providers never intended to sell our identity.
Nevertheless, there are various steps that you can take to defend your SIM number from deliberate hijacking, and so reduce the chances that a hacker can use your identity for virtual theft. Here are some that you can do right after reading this article.
Set up a PIN code for your online accounts
Establishing a passcode for your online account is a feature that most online stores and websites offer. Its primary purpose is to add an extra wall of security before hackers can compromise your online account. If there’s no PIN code support, you may use a two-factor authentication via SMS. Locally, all bank accounts require sending a passcode to your number to confirm it. It may be a burden to remember a unique PIN for this layer of protection but your effort will be worth it.
Get a Trusted Authenticator App
Getting a stronger two-factor verification sounds repetitive, but it is better to be safe than sorry. Linking your account to an authenticator app sounds tiring, but it secures your account twice over. There are several trusted third-party apps that you can use for this purpose, such as Authy and Google Authenticator. Who doesn’t like a thicker wall to protect yourself from thieves? This time, a virtual wall against an online thief.
The good news is that getting an authenticator app ties not only your SIM number to your online account but also your mobile device. It will generate a four or a six-digit code that can be used for just 30 seconds up to five minutes. It remains in sync with your device no matter what network provider you wish to stay with.
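To make the point above concrete, here is an added example (not part of the original article): a small RFC 6238 time-based code generator and verifier in Python, showing that an authenticator code is derived only from a secret stored on the device and the clock, so re-pointing the phone number to another SIM does not hand it over. The secret is the published RFC 6238 test value; the phone number, SIM labels and the `simulate_sim_swap` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, unix_time // step)

def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the current step +/- drift_steps, compared in constant time."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    accepted = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + d * step, step)
        accepted |= hmac.compare_digest(expected, submitted)
    return accepted

# Constructed sample data: RFC 6238 test secret and a placeholder number.
ENROLLED_SECRET = b"12345678901234567890"   # stored in the owner's app only
NUMBER = "+63-9XX-XXX-XXXX"

def simulate_sim_swap(now: int = 59) -> dict:
    """Compare where an SMS code and an app code end up after a swap."""
    carrier_routing = {NUMBER: "owner-sim"}
    carrier_routing[NUMBER] = "fraudster-sim"    # the swap: number re-pointed
    owner_code = totp(ENROLLED_SECRET, now)      # needs no network and no SIM
    guess = "000000"                             # all the new SIM holder can do
    return {
        "sms_code_delivered_to": carrier_routing[NUMBER],
        "owner_app_code_accepted": verify_totp(ENROLLED_SECRET, owner_code, now),
        "fraudster_guess_accepted": verify_totp(ENROLLED_SECRET, guess, now),
    }

if __name__ == "__main__":
    print(simulate_sim_swap())
```

The drift window is also why a code stays usable slightly longer than one 30-second step: the verifier here accepts the previous and next step as well.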
Get an extra private number
Regardless of the tough measures that you can set up for the security of your online account, hackers can get their way through. This goes back to using a SIM number as part of the verification process to legitimize a transaction. As sensitive as the whole process is, one way to keep your account secured is to use another number to authenticate the transaction.
This means that you can get an extra number, kept secret, that you link to your online account. Some numbers that you use in recorded transactions can be used against you, for example if the mobile number that you frequently use is published on your company’s contact list or, for online sellers, on your social media platforms. This ‘secret number’, known to no one but yourself, will be used for your two-factor passcodes.
Your account security goes back to you
Developers have decided that our SIM numbers are the best way to secure our online accounts. But as it turns out, this is actually not as secure as it should be. This means that people should stay vigilant at all times. When your smartphone experiences connection issues, call your network immediately. The sooner you preempt SIM swap fraud, the sooner you will prevent illegal transactions from occurring.
Once you have received messages, emails, or calls from strangers telling you to switch numbers, immediately contact *888 or chat support if you are a Smart subscriber, or (02)7730-1010 if you are a Globe subscriber. Take note that customer service staff will never require you to tell them the one-time passcodes that are sent to your mobile phone.