In this age of technological advancement, communication has become a major component of our daily livelihood and survival but little do we know that it is also a major threat to our financial stability and personal safety. To get started, let’s take a look at Sim Swap Fraud.
Now, many of you may have heard much about Mobile Money fraud and Digital Financial fraud hitting people and institutions of late. Then again, of individuals being locked out of their Social Media accounts.
This is as a result of one major hijacking tool called SIM Swap.
WHAT IS A SIM SWAP?
A SIM Swap is basically a hijack where a perpetrator convinces your carrier or service provider to switch your phone number to a sim card they already own thus transferring services from your provider to another sim card, sometimes without your prior knowledge or suspicion.
This kind of fraud allows hijackers to divert all and any related telecommunication services form your provider to their end including SMS, MMS, Emails, Phone Calls etc. And as these are basically our everyday life communication means, our very details and personality is on the compromise.
Many kind of attacks could happen through this and it all depends on the creativity of the attacker – which I would advise you never to test or call a bluff.
WHY SHOULD I WORRY ABOUT A SIM SWAP FRAUD?
It’s quite difficult to detect and identify a SIM Swap fraud before it happens. Most victims often find out that they have been compromised when they try to make a call or send text or log in to a social media account and post online. Once the hijacker swaps a SIM Card, messages and calls are partly and/or completely hindered for the victim.
Supposing I were to be an attacker, an easy example of making quick money using a SIM Swap fraud would only require an initial information as your full name, date of birth, account number, phone number and probably your email address – all of which are public information and have no obvious level of security. But then hold on to your hats.
Flashpoint, a company specializing in Business Risk Intelligence have revealed that major accomplices to this kind of fraud are Sim Card Vendors and/or Mobile Shops Retailers which are mostly the same people as our Mobile Money Vendors and Agents in West Africa (specifically Ghana).
These people also register newly acquired clients to mobile service providers by Sim Card Registration and have secondary access to all details necessary for personality authentication.
With your phone number, date of birth and full name I could perform a SIM Swap, move forward to gaining your electronic mail access. Then with access and control of these two resources easily and painlessly infiltrate your Online Banking Account and rip you of all your money.
This is just a simple way a SIM Swap can be done but the effect is not as simple as the crime which would not require more than a day or two to fully accomplish successfully.
HOW DO I MITIGATE THIS RISK AND SECURE MYSELF AGAINST SIM SWAP FRAUD?
SIM Swap fraud has actually been around for a decade or more and still is on the rise in major parts of India, Pakistan, US, Africa, Asia and many parts of the world.
However, the mitigation methods have been around for as long as SIM Swap fraud has been and very few people if not less have been conscious of these means and effected them.
Set up a Sim Pin or a Sim Card Lock: This is the most basic and simplest method of all as it requires not less than two minutes to effect. It basically requires you to set up a Pin Code on your sim protecting it from theft and unknown authorization. In the event your sim gets misplaced or stolen, it is rendered unreadable without the correct Pin input protecting your information from unauthorized access.
How to set up a Sim Card Lock (for Android Users and Similarly IPhone Users):
Scroll down to Security
Select Sim Card Lock
Select Lock Sim Card
Insert your PUK Code found on your Sim Starter Pack to activate Sim Card Lock (This can be found written by your Phone Number on the bigger Card in the starter pack)
Select Change SIM Pin and you are good to go.
Use an Authentication App: On Google Play Store, you can download the Google Authenticator, an app that produces random authentication codes every minute to be used for web-based platforms and mobile application authentication. There are many others like this. It does takes a bit of phone memory space but a small price to pay for safety.
Take Extra Precautionary Measures
If you are someone who likes prefers Mobile Money transactions due to speed and ease, set a limit on your frequency of withdrawal and level of withdrawal. Do not withdraw or transfer too much from the same vendor at the same time, on the same day or even consecutively on a daily basis. Enact high monetary transactions at the banks.
Reduce your screen backlight significantly to prevent nearby persons “spy” unto your conversations and operations on your phones. This prevents them from picking up on your passwords and secure codes.
Use an earpiece to answer calls in public. This does not only save you from phone snatchers, but also prevents people from eavesdropping on your conversation and picking up on sensitive information you may give up. Never answer your phone calls on loudspeaker and always wait till you are in the comfort of your privacy before you make sensitive phone calls.
Having two or more phones/sims is not really a bad idea. You can restrict your banking information and social media accounts authentication to a particular phone number which only you may know and should know.
Written by: Jeffrey Antwi Amoah
Edited by: Perry Tintin