A SIM swapping scam is where a criminal, posing as you, contacts your mobile phone company and asks them to transfer your number to a SIM card on a different device, which is in their possession, or move your number to another network by requesting the Porting Authorisation Code (PAC number). They do not control your phone but can now receive calls and text messages intended for you. This means they can access two factor authentication and one time password (OTP) codes which can allow them to login to your social media, banking, and shopping accounts.
You may wonder how the scammer gets through the security questions at the phone company? By stealing the information needed to impersonate you via unsolicited emails, texts or phone calls (phishing) and researching you closely on social media to discover information that reveals your passwords. According to an investigation by independent consumer rights company Which? mobile phone providers have stepped up security to make the scam harder to pull off, but criminals are still finding a way in.
How to spot a SIM swapping scam:
- You unexpectedly lose service and cannot send or receive any calls or texts- this may be a sign that there is an issue
- You get notified by your phone company of your SIM card or phone number being activated on another device or a request for a PAC code. In both cases, this can only mean that another person has your information
- You cannot access certain accounts - if you notice that the passwords you are using do not work for several accounts, even though you are certain they are correct, this could be a sign of a hacker gaining access to this data
- Transactions start to appear in your bank account or online shopping accounts, that you do not recognise.
How to prevent a SIM swapping scam
- Never give personal information over email and under no circumstances click on links asking for them. Legitimate companies and service providers, such as mobile phone companies, have no reason to request your personal details. Report any emails that may look suspicious to your mobile phone provider but contact them on the number included on their official website
- Do not reveal any information on social media that is related to your passwords or recovery questions. Scammers can use social media to easily discover information to answer common security questions, such as first school, mother’s maiden name or siblings names. Change your passwords if your information is already public on social media. You can also choose to use the ‘wrong’ but nonetheless memorable information for your security passwords, so your first school could become ‘Hogwarts,’ for example
- Remove your phone number from websites that use it to reset/recover your password. Instead, choose authenticator apps which you can download for free, and that are connected to your device, not your number.
How to report SIM swapping fraud
- Report it to your mobile provider immediately
- If the SIM scam happened on a work phone, inform your IT department
- Inform us immediately, even if your bank account has not been accessed or compromised
- Report the scam to Action Fraud, the reporting centre for fraud and cyber-crime in England, Wales and Northern Ireland:
- Call 0300 123 2040 Monday to Friday 8am - 8pm
- Use the Action Fraud online reporting tool
- Contact us via email at webfraud@alrayanbank.co.uk
- Contact the Police on 101