Criminals are increasingly using the SIM Swap scam around the world, based simply on transferring a person’s phone number to another SIM card. In other words, the harmful action basically consists of exploiting the procedures for exchanging (“swap”, in English) a telephone number from one SIM card to another, which are carried out together with the telephone companies.
The coup takes advantage of structural flaws that also exist in operators in Brazil. For criminals, it is enough to have a new SIM and the victim’s personal information, which is obtained in different ways, including illegal forums on the internet. They are given as full name, RG, CPF, address, name of parents and so on.
Having this information, the scammers contact the operator pretending to be the person and request the exchange for the new chip. Even with a security check by the telephone company, criminals manage to circumvent, informing the real data previously collected and convincing the attendant.
From there, the thieves have access not only to the person’s calls and SMS messages, but also to various applications and services – among them, social networks and the WhatsApp messenger. In turn, the victim also has his cell phone not working for calls or mobile internet, and often will only realize the problem when it is too late.
Almost always, this scam makes use of social engineering (the crooks pretending to be the victim and presenting real data to the operators of operators). In addition, the SIM Swap scam is carried out from anywhere, without the need for a complex structure for criminals and without having to have the victim’s cell phone in their hands.
Phishing campaigns can be used by scammers to obtain personal data. However, thorough analysis of the person’s social networks are also very common ways to get valuable information.
Going beyond the loss of the phone line
Losing access to your social networks and messenger are very serious problems caused by SIM Swap. When scammers impersonate you on these media, they can start asking your family for loans, or even trading products through your Instagram or Facebook.
There is also the risk that criminals can gain access to banking applications installed on your cell phone, with the possibility of even making purchases in applications from websites where your credit card is registered. Much of this thanks to authentication based on validation codes sent to the customer via text message or phone call.
Necessary precautions against SIM Swap
As the cybersecurity company Perallis Security brings, there are precautions that must be taken against the SIM Swap scam. One of them is being very attentive to the phishing campaigns you receive via email.
Also, never use double authentication by SMS or by phone call (and it is good to be suspicious whenever you receive this type of contact). It is recommended to make use of tools and programs that generate random one-time passwords, which can be obtained through an application installed on your cell phone.
WhatsApp already has its own feature that allows you to protect your profile with an additional password as well. Also, see here how to enable WhatsApp two-factor authentication. You also need to be very attentive to your information on social media, being careful about what you post about yourself and people in your family.
Another important security point is to always keep your PIN and PUK codes – those numbers that are hidden behind a “scratch card” on the cards that come with your chip. They can be used to add an additional layer of protection to your SIM by blocking the phone line in cases of dire need.
Have you watched the new videos on YouTube from Olhar Digital? Subscribe to the channel!