Sim card scam can lead to ‘tidal wave of fraud’

Mobile phone users who lose service or receive unexpected messages about their Sim Card or PAC code should take urgent action to protect themselves from a potential ‘tidal wave of fraud’.

Sim-swap frauds, which include hijacking a person's mobile phone number and transferring it to a new sim without their consent, are increasing nationwide.

Once fraudsters have access to a phone number via a Sim swap, they can lock out the lawful owners, intercept messages, and reset passwords.

This can then enable them to hack into online banking apps or even make credit applications in the name of their victim.

Indeed, any account where a mobile phone number forms part of the security and signing in process is at risk following a successful Sim-swap.

For that reason, anyone who experiences any of the below three red flag issues with their mobile phone is urged to call their network provider and bank as soon as possible using a verified contact method.

They should not engage with any contact or action requested within the message, call or email received.

• Any unexpected calls or messages about sim card
• Any unexpected calls or messages about their PAC code
• Any prolonged and unexpected loss of service.

Anyone with a Legacy email account or any email that they have had for a long time should be particularly vigilant as they are most targeted by hackers as often login credentials are years old and have not been updated and secured by the user.

Hackers will use compromised data or weak passwords, often on the back of a data breach that can consist of login credentials, email addresses and other personal data needed to successfully impersonate victims.

If a password has been used for several years and reused are most vulnerable and can lead to the network provider account, email, and all linked accounts to become hacked.

All mobile phone users, however, can take the below immediate steps to protect their security with their network provider online account, email, and all other linked accounts. These are:

• Create a strong, separate, and random password by using 3 random words – for example Read421-Plants-!Treasure. It’s important not to reuse the same password, write them down and/or use a password manager to help you manage them.
• Turn on 2-Step verification. This means that even if hackers have your password, they still can’t access your account. Review each online account settings to enable this feature. Authentication apps are a great option to manage this.
• Contact your provider to ensure all available protections are in place, both online and over the phone.
• Never share a network One Time Pass Code

Kirsty Jackson, Cyber Protect and Prevention Officer at Nottinghamshire Police, said:

“Our mobile phones have become such a prevalent part of our lives that it’s not surprising they are being targeted in this way.

“Because mobile phones are increasingly used as a means of securing our online accounts, they are now a more appealing target than ever before. This has led to us having an increase in calls and reports nationally and in particular across Nottinghamshire.

“If Criminals gain control of a mobile telephone number, then the victim could well find themselves exposed to a tidal wave of additional fraud and hacking offences, often with an impact on them financially. The impact can leave victims inconvenienced and exposed to a mix of emotions often linked to a physical burglary.

“It is important that people understand this and take action to protect themselves.

“It may seem inconvenient to spend time changing passwords and enabling 2-step verification, but it’s a lot easier than unpicking the damage caused when criminals are successful in accessing our accounts.”

For more information on how to secure your online accounts, please visit: www.ncsc.gov.uk/cyberaware/home

If you are a victim of a cybercrime, please report to Action Fraud to have local assistance from our Cyber Protect Officers here at Nottinghamshire police. Forward suspicious emails to [email protected]

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad). Report all other Fraud or Cybercrime to www.actionfraud.police.uk/ or call 0300 123 2040