Mobile shopping in the UK, France and Germany accounted for 28% of online Christmas orders in 2016, according to CJ Affiliates, with the UK bringing in an even bigger proportion at 44%. And these figures are set to grow even more in the lead-up to the 2017 festive period.
According to Keiron Dalton, mobile banking expert from Aspect Software, with the Golden Quarter set to see another boom in mobile payments and complex transactions, the opportunities for fraudsters to make their move on the shopping public is higher than ever. Keiron, head of Aspect’s global digital identity division, also argues that fraud that relies heavily on social engineering and bypassing weak security processes, such as SIM Swap, is seeing an upward trend in the UK and other regions, including Africa. According to Keiron, fraudsters not only take advantage of the upswing in mobile payments activity, but the sentiment surrounding the holiday for a lot of people.
Keiron explained: “SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process. Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This often happens before the victim is even aware they have been targeted.”
“We are working closely with the GSMA, as well as with a number of big banks and leading mobile network operators in the UK and in the rest of Europe to build a collaborative effort to fight new types of fraud like SIM Swap, but consumer awareness of the crimes has stayed relatively out of the headlines. If your phone or SIM card has been compromised, there are a number of tell-tale signs to look out for before it gets too far,” Keiron said.
Phishing messages and suspicious communications asking for information
SIM Swap fraud requires the hacker to have access to a victim’s bank details. These are often obtained through an email phishing attack, unsolicited communications asking for details, or by purchasing that information from online crime gangs. You should never respond to these types of communications or send your bank details on any platform that could be read by someone else. Your bank will never ask for this information so don’t be fooled by fraudsters imitating your bank. This leads to the initial opportunity to get account access or access to a duplicate SIM card; it also could provide criminals with the answers to personal security questions.
Extended loss of signal
Once SIM Swap fraud has occurred, it is not instantly noticeable to the victim. Extended loss of signal is the initial sign that SIM Swap fraud has taken place, as the control has been switched to a new device. Contact your mobile network provider to check if it is a widely known issue, or isolated to your device.
Floods of calls and messages
This is a tactic that runs parallel to the extended loss of signal. Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phone off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.
Opening links on your phone
Whether the link is sent to a victim via a phishing message or is on an unknown website, mobile phone users should be cautious when opening links on their device, and delete anything suspicious immediately. Hackers can use links that contain application packages that, if installed, will give the people behind the malware administrator rights to the victim’s device.
Be aware of the source of any applications you download
Only download applications or make in-app purchases from approved sources or stores. To prevent suspicious applications from being installed, Android phone users can go to Settings/Security and turn the ‘Unknown Sources’ option off, which will stop the phone installing them from anywhere other than Google Play.