On Your Side: SIM swipe scam

Published: Feb. 17, 2022 at 5:52 PM CST|Updated: Feb. 17, 2022 at 6:44 PM CST
Email This Link
Share on Pinterest
Share on LinkedIn

SPRINGFIELD, Mo. (KY3) - It’s called the SIM swap scam, and hackers could wipe out your bank account.

The FBI issued a warning about the SIM swap scam. Those who filed complaints lost a total of nearly $70 million last year.

This is like someone stealing your phone, without physically snatching your phone. Pretend you walked into a bank and convinced the teller you were someone else. You left with someone else’s cash. That’s how this works.

Scammers research you. They use your personal info and trick your mobile carrier to give a new SIM card. Hackers change your passwords and access your accounts.

“Who are our vulnerable populations? Is it those who are not so tech-savvy?” asked Ashley Reynolds during a conversation with Shannon McMurtrey, a professor of Cyber Security at Drury University.

“It’s tempting to say that, but all of us could fall for social engineering,” he replied. “Social engineering is hacking a person. Instead of hacking a computer. It turns out hacking a person is much easier than hacking computers.”

Don’t put your phone number on social media websites.

“Think about this,” said Dr. Xiang Guo, an IT professor at Missouri State University. “I was talking to a student today. You wouldn’t want to post your address, name, cell phone number on a billboard along Highway 65. If you do that on Facebook, it’s actually worse than that.”

Tips to better protect your ID

  • Use a two-factor authentication app.
  • Avoid clicking on links in texts or emails from unknown sources.
  • Use a password manager. Consumer Reports’ top-rated password managers are 1Password, Keeper, and Bitwarden.

From the FBI News Release:

The FBI recommends individuals take the following precautions:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
  • Use a variation of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

The FBI recommends mobile carriers take the following precautions:

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from third party authorized retailers requesting customer information.

To report a correction or typo, please email digitalnews@ky3.com

Copyright 2022 KY3. All rights reserved.