This is an identity theft that has claimed the savings of too many people, and about which operators must get very serious.
The SIM swapping scam is a method widely used by cybercriminals and has increased in recent years. It consists of accessing the victim’s bank accounts or social networks by means of a duplicate or cloning of the mobile SIM card. Operators are trying to put an end to this fraud, but there are several reasons why they are finding it difficult.
In the United States, for example, the Federal Communications Commission implemented a new rule last November requiring all operators to ensure customer authentication methods. It also forced companies to always notify customers when their phone number is moved to another device.
In Spain, on the other hand, companies are also interested in ending this scam, since it has cost four large telecom companies significant money. A couple of years ago, the Spanish Data Protection Agency (AEPD) fined Movistar, Vodafone, Orange and MásMóvil for doing nothing to stop this practice. More recently, Digi has earned several fines for providing SIMs to scammers.
Having said all this, and despite the fact that operators are trying to get their act together, there are several loose nails that continue to allow scammers to run this scam.
Convince your own employees
In order for a scammer to obtain a duplicate SIM card, they must convince an employee, either in a physical store or through a switchboard, that they are the owner of it. To do this, they may have previously obtained the victim’s data from the Internet or having carried out phishing with which to obtain the victim’s name, ID or address.
However, scammers usually try to do this in another way, much more effective than trying to trick the customer service worker.
In reality, many criminals simply try to convince some of these employees to take part in the scam. It must be taken into account that, in many cases, operators use staff relocated to other countries, such as Latin America or Asian countries.
In this way, at the time of having to carry out a procedure such as changing SIM, perhaps the person on whom we depend is a worker with a very low salary and a precarious situation who, if questioned by a criminal gang, You could collaborate with them by offering to hand over the phone numbers in exchange for a reward.
In Spain, the Civil Guard arrested earlier this month seven scammers accused of stealing up to 3,381,000 million euros through SIM swapping. Its base of operations was in Venezuela.
In recent weeks, workers from the US operators T-Mobile and Verizon have reported having been contacted by cybercriminals asking for help in these schemes in exchange for a certain amount.
Implement greater security controls
In the United States, a recent case serves as an example to explain this problem of collaborations between operators’ workers and criminals. However, and speaking specifically of this country, customers who have tried to sue the operators have not been successful in legal proceedings, since identity theft is considered a risk to be taken when accepting telephone services.
Therefore, operators face two problems. One is to be able to correctly authenticate customers when they request a SIM change using the best technology available. This, above all, taking into account that these processes are now done online, making identification more difficult than through an in-person service. The other is to ensure that employees do not have sufficient incentives to take risks and collaborate with criminals.
