The United States authorities have detected an increase in SIM swapping cases. It is a fraud based on social engineering that allows criminal acts to be carried out. That is why it is important to know it, to know how it works and to put into practice a series of recommendations so as not to be victims of criminals.
What is SIM ‘swapping’?
SIM swapping or SIM exchange consists of duplicating the SIM card of cell phones. A SIM card or subscriber identity module –from English Subscriber Identity Module– of mobile phones stores the telephone number and access codes of the client of a telephone company. Hence, it has become a very appetizing component for friends of aliens.
How are SIM cards duplicated?
The danger of SIM swapping is that it is not necessary to physically access a mobile device to duplicate a SIM card. To this end, criminals contact the customer service of telephone operators and pretend to be legitimate users.
If they achieve their goal, they will get a new SIM card and will be able to access the confidential information stored on it (contacts, passwords, bank details, etc.). In this way, they will hijack the victim’s phone line and use all their information to, for example, request new passwords and receive verification codes in order to access their online banking service.
Regarding how to detect if you have been a victim of SIM swapping, Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory, explains that “the first indication is the loss of network signal on mobile phones. This is because when criminals activate the SIM card in their devices, the legitimate user’s line is automatically deactivated.”
How to prevent duplicate SIM card?
In order to prevent duplicate SIM cards, it is advisable to put the following tips into practice:
- In the event that there is an interruption of the abnormal telephone line, said irregularity must be brought to the attention of the company as soon as possible.
- Similarly, when communicating with the operator it is very important to request that the status of the SIM card be checked.
- Companies do not ask to share personal data over the phone, text message services, or email. In such situations, contacting the legitimate entity will help prevent potential phishing scams.
- Do not use easy-to-remember dates or numbers as a PIN code or verification code.
- If possible, avoid SMS two-step authentication and instead use options like a standalone authentication app.
- Destroying confidential printed information securely helps prevent SIM swapping and dumpster diving.
- Finally, any suspicious movement in the account must be reported to the bank without dela