Fergal Parkinson
Published on: November 1, 2022
There are lots of stories around about various financial scams these days – you can find a new one pretty much every day. But some stand out and gain greater traction so they end up being noticed by millions.
One of these was the recent story of Charlotte Morgan, a young Londoner, who in late August went, as she often did, to work out at her local gym in Chiswick, west London.
She was in celebratory mood as she arrived as she’d just landed a new job. But that joy soon turned to despair as she finished her training session and went to leave: her locker door was ajar and her rucksack was gone.
She soon found out that this had happened to other gym users too: it was an organised theft.
As well as other possessions, Charlotte had lost her phone, her bank card and her door keys. But being locked out of her flat and being unable to release her bike where it was chained to railings outside, it soon became clear, were the least of her worries.
Within hours the thieves had gone on spending sprees around London, spending £3,000 in one Apple store alone, thousands more at other shops.
Once she realised that she had been targeted in this way – not easy when you suddenly have no phone to communicate with, no card to pay for travel or goods with and can’t get into your own home to access other computer equipment – Charlotte was initially partially reassured that all the thieves would be able to take was what had been in her current account.
But the reality was to prove far worse. It soon emerged that the thieves had somehow been able to bypass all the security settings on her phone – and had raided not just her current account but her savings. And within just a few hours they had taken the lot. Thousands of pounds that she had worked hard to accumulate over years had been stolen. .
She was understandably shocked and devastated – but also mystified.
Because it had never occurred to her that just by stealing her handset thieves would be able to attack her so grievously, believing she was further protected by PIN numbers to activate the apps on her phone.
It wasn’t until later that she found out how they had done it.
Charlotte explained: “ A bank security expert explained to me how the scam is likely to have happened. Once the thief had my debit card, they didn’t need my smartphone — just the Sim card, which can be popped out of the side and inserted into another phone.
“This bypasses thumbprint security and facial recognition. It’s the digital equivalent of an open window in a house.
“Once into my account, the thief could reset the PIN online, and then change all my banking security passwords. It’s shockingly easy. I think the thief was able to do it in the taxi from the gym to the first Apple store.”
This is almost certainly what did happen and, if asked, I would have offered much the same explanation.
Swapping Sims between handsets is very, very easy to do – with devastating consequences.
Sim swap attacks are a significant threat to businesses as they can lead to unauthorised access to sensitive information and accounts. To protect themselves from sim swap attacks, businesses can implement the following measures:
We at TMT can spot a Sim Swap – as this scam is known – because the unusual transaction patterns that inevitably follow it are a tell. When someone like Ms Morgan has been a prudent saver for a long period we can see that previous history – we don’t expect to see them raiding their savings account at night for thousands of pounds in repeat amounts – and so that becomes an instant red flag.
Of course Sim Swap can and does take place constantly for legitimate reasons. Just last week I got a new iPhone myself. I did my back up, changed my Sim over to the new handset and it immediately replicated my old homepage and contacts. The ease with which this happens is one of the major reasons people stick with the same phone brand, Apple or an Android rival, from one contract to the next.
Our security protocols would have been able to tell the difference between what happened to Charlotte and my innocent Sim switch because of the different behaviours around them, one innocent, one nefarious.
However we can only monitor devices in this way if asked by an authorising client company when they in turn have users’ consent. In this case Charlotte’s bank doesn’t appear to have been using such backup security from an independent company like ourselves. And that’s not unusual as this mostly happens only at the point a customer signs up to a new service – the point of onboarding as we call it.
I’m starting to wonder if it might be time for companies like Charlotte’s bank to run such services much more frequently. After all, each check only costs a few pence and the amount they ended up having to reimburse her by alone would have paid for hundreds of thousands of such preventative measures.
But it’s not just cost that’s preventing these checks being used more widely, there’s also the question of privacy. While customers are used to being asked to authorise checks at the point of sign up, to having their credit history investigated and so on, they are understandably much more hesitant about agreeing to have their data checked on a more routine, ongoing basis.
So it may be some time yet before there are systems in place permanently to stop thieves targeting the next Charlotte Morgan in the same way.
In the meantime perhaps the best thing you can do is to protect yourself. You can do this by setting a new PIN number to your SIM card itself. This would stop the thieves being able to do a ‘Sim Swap’ without knowing that PIN.
It’s a simple matter, on an iPhone, of going int Settings and tapping “Phone”. Next, tap “SIM PIN” to access this feature. Tap “SIM PIN” to activate it. Your SIM will come with a default PIN set by your mobile carrier which can then replace.
I hope this helps in the short term. In the longer term it would be nice to think that the business world could do more.
If you would like to find out more about the fraud protection services offered by TMT ID drop us a line at info@tmtid.com
Last updated on September 18, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
