Sim-swap fraud: how criminals hijack your number to get into your bank accounts

I use authenticator apps (Google Authenticator…) rather than SMS if it’s available for whatever website I’m logging into. My bank provides a nifty Card reader that uses my bank card as the second factor. Several of my clients give physical or software RSA tokens. The choices are out there. If you can move away from SMS, do it soon…:

[…] Fraudsters start by gathering data about you via social engineering (sending fake emails, texts, phone calls to trick you into divulging personal information) or by paying for stolen data on underground online forums. Social media accounts can also prove fruitful for learning answers to common security questions, such as birthdays, names of pets and favourite sports teams. Armed with enough information to pose as you, the scammer will contact the customer services department of your network provider – over the phone, via webchat or even in store – and ask for your number to be switched to a Sim card in their possession.

The fraudster’s aim is to take control of your number, by convincing your network to either: swap your number to a new Sim card on the same network, perhaps by claiming that ‘their’ phone is lost, or, move your number to another network by requesting the Porting Authorisation Code (PAC). While Sim-swap fraud is not new, Action Fraud reports suggest that attacks are ramping up.


Original article here