Recently there has been a spate of scams reported in the media using swapping of SIMs to create fraud. A recent example was reported in The Guardian.
Whist the media enjoys giving frauds and scams new names, this is essentially little more than a reworking of identity theft. The report identifies that fraudsters need to carry out several steps before being able to impersonate an individual to their bank and illicitly transfer funds.
Specifically this scam involves:
- Phishing for bank account details or acquiring these via criminal activity
- Setting up a business account in the name of the victim at the same bank as their primary account
- Calling the network operator to cancel one SIM and order another (presumably at an alternative address)
- Initiating calls from the swapped SIM card to transfer money
What is astonishing is that this level of sophistication was carried out for a theft of £1,500. It suggests that either the victim has been unbelievably careless with personal data or that the effort required to carry off such as scam is lucrative enough to warrant the investment in time.
Identity fraud is not new, of course. It is, however, increasingly simple to achieve when so much information is available digitally. The costs of losing a mobile phone used to be largely limited to the value of the phone itself. Now it is the cost of the data contained within, including bank account details on apps, private contact information, intimate text and mobile messages and company information on corporate email accounts. Piecing this information together to defraud someone becomes much easier when it is all in one place.
Such are the risks of having a digital footprint that is clear and in one place. Historically piecing together the information to carry out a fraud or identity theft was time consuming. With everything accessible from the theft of a phone, it is much easier and users need to be far more on guard of the risks that are contained in not securing a mobile device safely.