Action Fraud - the UK’s national reporting centre for fraud and cybercrime - has reported how scammers take control of mobile phones and intercept calls and texts sent by banks.
The fraudsters intention is to gather as much information as possible on victims, using a method called SIM splitting to gain access to people’s bank accounts.
A recent investigation by thisismoney.co.uk found that one victim from London lost £22,300 when fraudsters raided their Santander accounts using this method. Another two victims had £19,500 drained from their Santander accounts after criminals intercepted the bank’s text messages.
How the fraud works
Step 1: Fraudsters initially harvest as much as they can about an individual. This includes; intercepting their post, searching public information on social media/search engines, tricking them into installing malware, or buying information from Organised Crime Groups.
Step 2: Armed with this information, the fraudsters will call the victim’s mobile phone provider and tell them that the handset has been lost, stolen or damaged. Provided they can answer basic security questions, the old SIM is cancelled and a new one is activated. The fraudster may also ask for all calls/texts to be diverted to a new phone.
Step 3: The first the victim will know of a problem is when their mobile stops working. This can seem innocent at first and some people may just think it is a signal problem.
Step 4: Fraudsters then hack into victim’s online banking and open a parallel business account. Since the new business account is already in an existing customer’s name, there are fewer security checks.
Step 5: The fraudsters then start to transfer money to accounts in their control. The banks will either call or text to confirm that payments being sent are genuine. The fraudsters will pretend to be the victim and insist that payments are pushed through.
How to protect yourself against this type of fraud
Always make sure you have suitable anti-virus software installed and keep it up to date.
Always consider what you are downloading – do not open files or click on links from unknown sources.
If you discover a virus on your computer, disconnect from the internet immediately and ask a specialist for advice.
When creating a password, try not to use the same password for more than one account. This will prevent further accounts being taken over if one has been compromised.
Create a strong password by choosing three random words. Numbers and symbols can still be used if needed.
Try not to post information on social media such as your birth date, your first pet, or school as these are normally included in security questions to reset your password.
Concerned members of the public can report fraud and cybercrime to Action Fraud at www.actionfraud.police.uk/report_fraud and receive a police crime reference number.