New 'SIM-splitting' scam: what it is and how to keep safe

Rights, Scams and Politics

07 May 2017 | 3 Comments

Scammers have found a way around your bank’s online and telephone security by hijacking mobile SIMs and are stealing thousands of pounds. Here’s what you need to know.

Criminals are hijacking people’s mobile phones to divert calls and texts from their bank to a different handset.

The scam known as ‘SIM-splitting’ allows fraudsters to use information gathered from the text messages and calls to help them steal large sums from bank accounts.

You may not even realise you’ve been robbed until you discover your bank account is empty.

In the US financial regulators have issued a warning that text messages shouldn’t be used by banks as part of their security process as they simply aren’t secure enough. But, in the UK several banks, including Santander, Halifax, Lloyds, TSB and Tesco Bank still use them.

How it starts

SIM-splitting starts with criminals gathering as much information about you as possible.

This might be by intercepting your post, hacking your emails or buying data about you that is being sold on the black market.

They then combine this illegally obtained information with things they can easily find out via your social media accounts such as your first school, pet’s name and the names of your relatives.

This means they have information that is likely to be the answers to your security questions, and could help them guess your passwords.

The next step may be to call you posing as a worker at your bank, or utility company, in order to get even more personal information from you.

How they hijack your mobile

Once they have gathered all this information they call your mobile phone company and pretend to be you.

They are easily able to pass the security process using what they’ve learnt about you. They may change your passwords and address before informing the company that your mobile phone has been lost or stolen.

At this point they use one of two options. They either ask for all your phones and texts to be diverted to another number that they have or they ask for a replacement SIM to be sent out, which they then put into a handset in their possession so that they can receive all the texts and phone calls that are meant for you.

How money is stolen

While they are hijacking your mobile phone account, they will also be setting up a fraudulent bank account in your name. This usually means they open a business account with your current account provider.

“Opening a business account is subject to less stringent security checks once an individual has a current account with a bank and helps make any transfers of money in the future less suspicious,” says Action Fraud, the Met Police’s specialist fraud unit.

Once they have control of your mobile account and the business account is set up they start transferring money out of your other bank accounts into the business account.

Then from there they can transfer the money wherever they like, and if text messages are sent to confirm the transfers, or the bank decides to call you, they’ll get through to the criminal who poses as you.

After the fraudsters have stolen all your money, they simply destroy the SIM card so it can’t be traced and disappear.

Check your credit report to spot signs of ID theft

How to protect yourself

If your bank sends you text messages to verify banking transactions you need to be on your guard against this latest scam.

Watch out for loss of signal on your handset and get in touch with your network if it goes on too long.

Keep your anti-virus software up-to-date and your firewall switched on. That stops fraudsters being able to remotely access your computer or install a virus that gives them access.

Be careful what you download onto your computer. You could accidently install trojan horse software that allows a hacker to access your computer and steal sensitive information.

If you do discover a virus on your computer, “disconnect from the internet immediately and ask a specialist for advice,” says Action Fraud.

Use complicated passwords that use upper and lower case, numbers and symbols. Also, avoid passwords that contain personal information.

Set up a variety of passwords across your accounts, so if one is breached the criminals won’t get access to your other accounts.

Be careful what you post on social media. Try to avoid putting up information that you are also likely to use as answers to your security questions. This could be your first pet’s name, date of birth, or first school. If fraudsters get hold of this info, they can use it to reset your passwords.

Sign up to our newsletter for a chance to win £100 every day

Keep safe with loveMONEY:

PayPal scams – how to stay safe
Microsoft 'account is at risk' email scam: how to stay safe
How to keep your money and personal information safe: insider tips from a hacker

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.