Mar. 27 2019 (Courtesy of CBC.ca) – As Fraud Prevention Month draws to a close, Edmonton police are warning of a new scam that recently popped up in the city: SIM swapping.
SIM cards, also known as subscriber identification modules, are used by cellphone carriers to store information on servers about a subscriber’s identity.
The SIM card switch can be done remotely and doesn’t require the physical phone that’s being targeted.
Fraudsters will often use the cellphone provider’s online chat options or a phone call to make the switch but they require some level of personal information for the person targeted.
This data can be collected with malware, phishing attacks or even through social media, police said. A lot of times the scammers may even cold call, said Det. Linda Herczeg with the economic crimes section.
“They randomly select a number and if someone answered the phone they might say, ‘Hi, is Julie there?’ ‘Oh no, this isn’t Julie, this is Anita,'” Herczeg said. “So they’ve got a number and they’ve got a name. Then they just start digging for information. It might just be totally random, it might not be targeted — it’s opportunity.”
Because the fraudsters are using online chat options police were unable to track where the activity originated.
When the SIM card is swapped the victim’s phone will still be usable, especially if it is connected to wifi, but phone calls can’t be made or received. Once the phone is reset it may begin to make calls again but the fraudster could now have access to the new SIM card and all the information on it.
The small chips can store a lot of information, Herczeg said.
“With the SIM card, that data is stored in a server in a warehouse somewhere. So the information that goes on to the SIM card is text messages, a lot of service providers are going away from [that].” Herczeg said, “But we do know that all of your contact information, phone contact, addresses, all of your app information is held on the SIM card.”
Edmonton police shared the story of a woman named Patricia Visser who had her bank account drained. Her daughter noticed money missing from her account when she called her mother using WhatsApp to find out what was going on.
Visser then reached out to her bank but her phone wouldn’t connect the call until after she restarted it. Her bank was able to reverse a transfer once she got in touch with them and put a stop to the fraudulent activity.
Her cellphone provider said someone had been able to provide a number of identifying details via their chat option when they requested a new SIM card.
She went two weeks with no access to her accounts and had to change all of her logins and passwords.
Herczeg said EPS have had three reports of SIM swapping but believe there could be more people who have fallen victim to this sort of crime.
Service providers, utility companies or banks will never ask for personal or account information via email or text message, police said.
In 2018, 360 online scam incidents were reported to police with an overall loss of $1.2 million.
Tips on how to prevent SIM swapping
- Create a PIN on your mobile phone account
- Do not publish your phone number on any public social media profiles
- Review credit card bills, bank statements and phone bills
- Do not use the same passwords or usernames. Make them long, complicated and difficult to guess
- Consider not using the remember card/username option on financial apps
- Do not click hyperlinks in text messages or emails that come from service providers, utility companies or banks