SIM Swapping Victim Sees Over $200K Stolen from Bank Account.
SIM swapping scam happens when scammers contact your mobile phone’s carrier and trick them into activating a SIM card that the fraudsters have. Once this occurs, the scammers have control over your phone number. Anyone calling or texting this number will contact the scammers’ device, not your smartphone.
This is known as SIM swapping scam, and it means scammers could potentially enter your username and password when logging onto your bank’s website. The bank will then send a code by text two-factor authentication to your smartphone number, a code that you’ll then have to enter to access your online account.
The problem? After a SIM swapping, that number now goes to the smartphone or other device possessed by scammers. They can then use that code to enter your bank account. A SIM swap scam happens when criminals take over control of your phone by tricking your carrier to connect your phone number to a SIM card in their possession. These scammers basically take over control of your mobile phone’s number.
To steal your number, scammers start by gathering as much personal information on you as they can find and then engaging in social engineering. First, the scammers call your mobile carrier, impersonating you and claiming to have lost or damaged their really your SIM card. They then ask the customer service representative to activate a new SIM card in the fraudster’s possession. This ports your telephone number to the criminal’s device, which contains the scammer’s own SIM card. Once your carrier completes this request, all phone calls and texts that are supposed to go to you will instead go to the scammer’s device.
Scammers might send you an email claiming to be from your smartphone provider. This email might say that you need to click on a link to keep your account open. When you do, you’re taken to a new page that asks you to provide personal information, including your name, birthdate, and passwords. Maybe the page even asks for your Social Security number. Once you fill this out and click “Send,” you’ve given the scammers access to the information they need to trick your mobile phone carrier into a SIM swapping scam.
Other scammers trick you into clicking on email links that fill your computer with malware that records your keystrokes, including any passwords or security question answers you type. Again, this provides the fraudsters with the information they need to pull off a successful SIM swapping scam. Fraudsters might also buy your personal and financial information on the dark web. This, too, would arm these cyber criminals with the information they need to successfully work their sim swapping scam.
Once scammers provide your smartphone providers with the information they gotten from you or the dark web, they use it to convince your provider to switch your number to a new SIM card.
These criminals then gain access to and control over your cellphone number, something that fraudsters can use to access your phone communications with banks and other organizations, in particular, your text messages. They can then receive any codes or password resets sent to that phone via call or text for any of your accounts. And that’s it: They’re in.
How do they get your money?
They might set up a second bank account in your name at your bank, and because you’re already a customer, there might be less robust security checks. Transfers between those accounts in your name might not sound any alarms.