The following information was recently circulated by Police Scotland.
Police Scotland is warning members of the public to be aware of a fraud which has
recently resurfaced. A local resident was victim to a mobile telephone SIM fraud which
resulted in the loss of a four figure sum of money. This is often referred to as SIM
swap, SIM split or SIM interception attack.
The first thing that can alert a victim of this type of fraud is that no service
is available on their mobile telephone. The fraudsters bank on the fact that the owner
of the mobile telephone does not question this for some time allowing sufficient time
to commit the fraud. Only when contacting their respective service provider they discover
that their number has been changed claiming a lost or damaged phone was the reason for
the new SIM being issued.
Action Fraud provide the following information and advice:
Fraudsters in the UK purchase victim’s personal details that are obtained through
the spread of Trojan malware. Victims detail packages are purchased from overseas
criminals specialising in the collection of compromised personal data to sell.
Specific data is extracted, namely online bank account details and statements.
Using the victim’s banking details to gain telephone access to the bank account; the
fraudster then opens a parallel business account in the victim’s name. Opening a
business account is subject to less stringent security checks once an individual
already has a current account with a bank and helps make any transfers of money in
the future less suspicious.
Details of the victim’s mobile phone, again extracted from the purchased personal data
package, are then passed to an individual who specialises in the SIM Split step.
This SIM Splitter then:
- Uses the bank statement obtained through the hacking to establish the mobile network the victim belongs to;
- Uses open source searches using the victim’s details to ascertain potential answers to security questions;
- Uses open source searches to establish the mobile phone network provider;
- Obtains a blank SIM card, either through an insider at a phone company or by purchasing one;
- Contacts the phone provider and tells them that the mobile phone has been lost/damaged;
- The new SIM card is activated while the victim’s is cancelled;
- Contact details and security questions may be changed with the phone provider as to further frustrate and hinder the victim from reporting the fraud.
As soon as the SIM card is activated the SIM Splitter contacts the fraudsters and tells
them to transfer funds from the victim’s current account into the newly set up business account.
As a security measure the banks will often make a call or send a text to the phone
number registered to the account to confirm if the transaction is genuine. The SIM
Splitter agrees to the transfer when contacted and disposes of the SIM card afterwards
so not to be traced.
The fraudsters can then withdraw or transfer funds away from the business account
with a lower level of scrutiny whilst maintaining a certain level of access and control
of the account with the stolen details.
Please click on the following link for information on how to protect yourself against fraud:
Police Scotland Personal Safety, identity theft Advice
Please forward this information on to family, friends, neighbours and colleagues.
Original Message Sent By
Varrie McDevitt (NHWN, Admin Assistant, NW Scotland)
|