
Why this Simswap story is a wake-up call

Fergal Parkinson


There are lots of stories around about various financial scams these days – you can find a new one pretty much every day. But some stand out and gain greater traction so they end up being noticed by millions.

One of these was the recent story of Charlotte Morgan, a young Londoner, who in late August went, as she often did, to work out at her local gym in Chiswick, west London.

She was in celebratory mood as she arrived as she’d just landed a new job. But that joy soon turned to despair as she finished her training session and went to leave: her locker door was ajar and her rucksack was gone.

She soon found out that this had happened to other gym users too: it was an organised theft.

As well as other possessions, Charlotte had lost her phone, her bank card and her door keys. But being locked out of her flat and being unable to release her bike where it was chained to railings outside, it soon became clear, were the least of her worries.

Within hours the thieves had gone on spending sprees around London, spending £3,000 in one Apple store alone, thousands more at other shops.

Once she realised that she had been targeted in this way – not easy when you suddenly have no phone to communicate with, no card to pay for travel or goods with and can’t get into your own home to access other computer equipment – Charlotte was initially partially reassured that all the thieves would be able to take was what had been in her current account.

But the reality was to prove far worse. It soon emerged that the thieves had somehow been able to bypass all the security settings on her phone – and had raided not just her current account but her savings. And within just a few hours they had taken the lot. Thousands of pounds that she had worked hard to accumulate over years had been stolen.

She was understandably shocked and devastated – but also mystified.

Because it had never occurred to her that just by stealing her handset thieves would be able to attack her so grievously, believing she was further protected by PIN numbers to activate the apps on her phone.

It wasn’t until later that she found out how they had done it.

Charlotte explained: “A bank security expert explained to me how the scam is likely to have happened. Once the thief had my debit card, they didn’t need my smartphone — just the Sim card, which can be popped out of the side and inserted into another phone.

“This bypasses thumbprint security and facial recognition. It’s the digital equivalent of an open window in a house.

“Once into my account, the thief could reset the PIN online, and then change all my banking security passwords. It’s shockingly easy. I think the thief was able to do it in the taxi from the gym to the first Apple store.”

This is almost certainly what did happen and, if asked, I would have offered much the same explanation.

Swapping Sims between handsets is very, very easy to do – with devastating consequences.

How can businesses protect themselves from sim swap attacks?

Sim swap attacks are a significant threat to businesses as they can lead to unauthorised access to sensitive information and accounts. To protect themselves from sim swap attacks, businesses can implement the following measures:

  1. Employee Education: Educating employees about the risks and warning signs of sim swap attacks can help prevent successful attacks. Training employees on cybersecurity best practices and the importance of safeguarding personal information can reduce the likelihood of falling victim to social engineering tactics.
  2. Multi-Factor Authentication (MFA): Implementing strong multi-factor authentication mechanisms can add an extra layer of security. Using MFA methods that do not rely solely on SMS-based verification codes can help mitigate the risks associated with sim swap attacks.
  3. Regular Security Audits: Conducting regular security audits and assessments can help identify vulnerabilities that could be exploited in sim swap attacks. By proactively monitoring and securing their networks, businesses can prevent potential security breaches.
  4. SIM Card Locking: Encouraging employees to contact their mobile service providers and request a SIM card lock can help prevent unauthorised SIM swaps. This additional security measure requires employees to provide a unique PIN before any SIM card changes can be made.
  5. Monitoring Account Activity: Monitoring account activity for any unusual or unauthorised changes can help detect potential sim swap attacks early on. Promptly addressing any suspicious activity can limit the impact of such attacks.

How mobile data can protect from sim swap attacks

We at TMT can spot a Sim Swap – as this scam is known – because the unusual transaction patterns that inevitably follow it are a tell. When someone like Ms Morgan has been a prudent saver for a long period we can see that previous history – we don’t expect to see them raiding their savings account at night for thousands of pounds in repeat amounts – and so that becomes an instant red flag.

Of course Sim Swap can and does take place constantly for legitimate reasons. Just last week I got a new iPhone myself. I did my back up, changed my Sim over to the new handset and it immediately replicated my old homepage and contacts. The ease with which this happens is one of the major reasons people stick with the same phone brand, Apple or an Android rival, from one contract to the next.

Our security protocols would have been able to tell the difference between what happened to Charlotte and my innocent Sim switch because of the different behaviours around them, one innocent, one nefarious.
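The distinction drawn above, between a SIM change followed by ordinary activity and one followed by out-of-character activity, can be written as a small rule over account events. This is an added example, not TMT ID's code or API: the event fields, thresholds and decision names are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed policy values, not taken from the article.
RISK_WINDOW = timedelta(hours=24)   # period after a SIM change treated as elevated risk
LARGE_TRANSFER_GBP = 1000           # what counts as a large withdrawal

def assess(events):
    """Return (decision, reasons) for one account's events.

    A SIM change on its own is allowed. It becomes a red flag only when the
    activity that follows it inside RISK_WINDOW looks out of character.
    """
    sim_change, reasons = None, set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "sim_change":
            sim_change = ev["ts"]
            continue
        if sim_change is None or ev["ts"] - sim_change > RISK_WINDOW:
            continue
        if ev["type"] == "credential_reset":
            reasons.add("credential reset after SIM change")
        elif ev["type"] == "transfer":
            if ev["source"] == "savings" and ev["amount"] >= LARGE_TRANSFER_GBP:
                reasons.add("large savings withdrawal after SIM change")
            if not 7 <= ev["ts"].hour < 22:
                reasons.add("night-time transfer after SIM change")
    if len(reasons) >= 2:
        return "block_and_review", sorted(reasons)
    if reasons:
        return "step_up_non_sms", sorted(reasons)  # e.g. app or hardware factor, not SMS
    return "allow", []

def at(hour, minute=0):
    return datetime(2024, 9, 2, hour, minute)  # constructed date

# Constructed sample events (not real data).
THEFT = [
    {"ts": at(18, 30), "type": "sim_change"},
    {"ts": at(18, 50), "type": "credential_reset"},
    {"ts": at(23, 10), "type": "transfer", "source": "savings", "amount": 2000},
    {"ts": at(23, 20), "type": "transfer", "source": "savings", "amount": 2000},
]
UPGRADE = [
    {"ts": at(10, 0), "type": "sim_change"},
    {"ts": at(12, 0), "type": "transfer", "source": "current", "amount": 40},
]

if __name__ == "__main__":
    print(assess(THEFT))
    print(assess(UPGRADE))
```

A single signal triggers a step-up that does not depend on SMS, since a code sent by text would go to whoever now holds the SIM.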

However we can only monitor devices in this way if asked by an authorising client company when they in turn have users’ consent. In this case Charlotte’s bank doesn’t appear to have been using such backup security from an independent company like ourselves. And that’s not unusual as this mostly happens only at the point a customer signs up to a new service – the point of onboarding as we call it.

I’m starting to wonder if it might be time for companies like Charlotte’s bank to run such services much more frequently. After all, each check only costs a few pence, and the amount they ended up having to reimburse her alone would have paid for hundreds of thousands of such preventative measures.

But it’s not just cost that’s preventing these checks being used more widely; there’s also the question of privacy. While customers are used to being asked to authorise checks at the point of sign up, to having their credit history investigated and so on, they are understandably much more hesitant about agreeing to have their data checked on a more routine, ongoing basis.

So it may be some time yet before there are systems in place permanently to stop thieves targeting the next Charlotte Morgan in the same way.

In the meantime perhaps the best thing you can do is to protect yourself. You can do this by setting a new PIN number to your SIM card itself. This would stop the thieves being able to do a ‘Sim Swap’ without knowing that PIN.

It’s a simple matter, on an iPhone, of going into Settings and tapping “Phone”. Next, tap “SIM PIN” to access this feature, then tap “SIM PIN” again to activate it. Your SIM will come with a default PIN set by your mobile carrier, which you can then replace.

I hope this helps in the short term. In the longer term it would be nice to think that the business world could do more.

If you would like to find out more about the fraud protection services offered by TMT ID drop us a line at info@tmtid.com

Last updated on September 18, 2024
