The Clearsale Blog

May 25, 2020 Fraud Management

SIM Swapping: How to Protect Against This Emerging Scam

SIM Swapping: How to Protect Against This Emerging Scam

As smart technology gets smarter, so do fraudsters.

In one of the latest strategies for defrauding innocent customers, fraudsters are eyeing mobile phones. As it turns out, SIM card swapping attacks present an enticing opportunity for account takeover.

During these attacks, fraudsters take control of a victim’s phone number, bypass SMS-based account authentication, and steal credentials and cash.

While not everybody has heard of these attacks, they’re still responsible for major losses. People in the cryptocurrency space appear to be popular targets for this kind of attack. Just last year, more than 50 victims in California were drained of more than $35 million, with one blockchain consultant losing his entire life savings.

Because so many e-commerce and financial sites today rely on phone-based authentication and require customers to link phone numbers to accounts, fraudsters are increasingly attracted to the account access opportunities SIM swapping offer. Here’s what e-commerce merchants and their customers need to know about the risk.

What Is SIM Swapping?

SIM swapping is an account takeover fraud variation that takes advantage of a mobile phone provider’s ability to port a telephone number to a device containing a different SIM card. Because cellphones use SIM card cards for storing user data and authenticating telephone numbers and cellphone subscriptions, fraudsters can access the data on stolen cards to access sensitive accounts.

Once the cards are swapped, the dirty work happens fast. The victim may see their phone lose service, get logged out of key accounts and see bank accounts quickly drained.

Even more frustrating for customers is that they think they’re taking all the right precautions to prevent this kind of fraud, like enabling two-factor authentication on apps, locking cell phones and using secure passwords.

How SIM Swapping Works

In many cases, a fraudster begins the SIM swapping scam by gathering personal data on their often-wealthy target. They’ll use phishing emails or purchase information on the dark web to trick victims into revealing information like birth dates, Social Security numbers and passwords. Fraudsters might also scour social media and public websites to harvest personally identifiable information.

Once the fraudster has enough information on the victim, they take over the victim’s identity, contacting the victim’s cellphone provider, impersonating the victim and requesting the phone company port the victim’s number to a SIM card the fraudster controls.

SIM swapping may also occur directly in cell phone stores, with corrupt store employees stealing a customer’s SIM card and replacing it with a new one.

With the stolen card in hand, the fraudster can circumvent websites’ security features by intercepting texted passwords, resetting those passwords and gaining access to bank and investment accounts. Some fraudsters will cash out accounts by investing balances in bitcoins, while others create new bank accounts under the customer’s name to mask withdrawals. Attackers will likely reset passwords on other accounts as well, including those for social media, email and cloud storage sites.

How to Protect Against SIM Swapping

Because it’s so hard for customers to spot SIM swapping while it’s happening — and even harder for victims to undo the damage — it’s important for customers to be able to know how to protect their accounts.

Confirm an Email’s Legitimacy

Before they click on a link in an email that requests sensitive information, customers should hover their mouse over that link to ensure they’re being directed to a trusted source. If the link isn’t legitimate, they should report suspicious emails directly to the company from whom the email allegedly came. Many companies, like PayPal, even have a dedicated email address for customers to send suspicious communications.

Watch Your Browsing

Enter sensitive data only on secure websites. Customers should look for website names that begin with “https,” have the lock symbol or have a certificate from a company like Verisign.

Set Up Alerts

Customers should ensure they have notifications set up on their phones to alert them when account information or passwords change. Some banks can link SIM card numbers to a phone’s International Mobile Subscriber Identity, ensuring one-time codes are sent only to the device on file.

Assign a PIN to Cellular Accounts

The major service providers let customers assign PINs or passwords to their accounts, reducing the risk of a hacker making unauthorized changes. It’s important to remember, though, that this approach isn’t foolproof. Store employees may have access to these numbers and can put a customer account at risk.

Protect Personal Information

While using two-factor authentication can help customers protect accounts, text message verification may not be adequate during SIM swapping. Authentication apps or security keys may be more effective.

Customers should also avoid posting personal data online — and that includes participating in social media quizzes whose answers can help fraudsters compromise accounts.

When it comes to fraud prevention, customers have a responsibility to monitor their accounts and information. But merchants should also put the solutions in place that can stop fraud before it does serious damage to a merchant’s reputation and revenue.

If you’re not sure you’ve got the right fraud solution in place, contact a ClearSale analyst today. They can help you analyze the different fraud protection solutions available to you and demonstrate why ClearSale’s robust hybrid approach is the solution of choice for vendors worldwide.

Are you declining good orders?

You may also like

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Preparing Your E-Commerce Store for the Holiday Season

Preparing Your E-Commerce Store for the Holiday Season

It might still be summer on the calendar, but the holiday shopping season is just around the corner.  Are you ready?

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a..

Why Manual Fraud Review Is Worth the Wait

Why Manual Fraud Review Is Worth the Wait

“We don’t have time to manually review transactions.” It’s a common refrain among e-commerce merchants. They know that customers are fickle and that they’ll go where they can get quick, accurate..

What to Consider When Assessing the Cost of Fraud Protection

What to Consider When Assessing the Cost of Fraud Protection

Almost every e-commerce business would acknowledge that online payment fraud is a growing global problem—one that hurts customers and merchants alike.

Why MOTO Transactions Have an Increased Fraud Risk

Why MOTO Transactions Have an Increased Fraud Risk

It seems like the web and online shopping have been around for decades. Still, it’s really not that long ago that consumers would place orders for goods by thumbing through paper catalogs and..

The 13 Fraud KPIs E-Commerce Merchants Need to Know

The 13 Fraud KPIs E-Commerce Merchants Need to Know

When you’re doing business online, it can be hard to know if your fraud prevention solution is doing what you need it to.

Country Profile: The Guide to E-Commerce in Mexico

Country Profile: The Guide to E-Commerce in Mexico

¡Bienvenido a México! The digital economy south of the border is growing by leaps and bounds. For the e-commerce retailer, Mexico represents an exciting opportunity to enter a new market of..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog