
New online scam: SIM Swapping


A defining feature of our generation is the substantial increase in the use of our personal data on the internet. Technological developments require us to share many personal details with app or website developers or, less frequently, with the general public, rendering our data vulnerable to new scamming methods.

Although every internet user is aware of the existence of cybercrime, it remains difficult to recognize when one is a victim of these illegal practices. For this reason, Letslaw by RSM wants to provide you with some relevant information in this field that may help you detect if you are under the radar of a cybercriminal and, if so, how to react.

What does “SIM Swapping” mean?

SIM Swapping is the term used to describe a new type of scam wherein an individual successfully duplicates a SIM card despite not being the phone line owner. The aim of doing so is to receive the text messages that bank entities send to customers as a security measure to confirm certain banking transactions. Duplicating the SIM card also leads to the cancellation of the previous SIM card.

It must be highlighted that a duplicate SIM card only guarantees exclusive access to the phone line. In other words, a duplicate card does not imply getting access to passwords or banking details. 

Therefore, for this scam to be successfully carried out by the cybercriminal, they must have previously obtained the victim’s credentials and other personal details required by the platforms attacked. 

The Spanish Secretary of State Security has stressed that cybercriminals request the duplicate of the SIM card on dates and at times when it is more complicated for banking and phone users to contact customer services. These include times when customer services are not working at 100%, such as weekends, late afternoons or evenings, bank holidays or long weekends, causing a delay before the victim becomes aware of the scam and can disable or block their accounts.

Policies for SIM card duplication vary from one company to another. However, the Spanish Data Protection Authority (AEPD) has established that every SIM card duplication policy must be compliant with the Data Protection Principles set out in article 5 of the GDPR and that companies must diligently apply these policies at all times. Infractions of the aforementioned requirements have already led to sanctions of up to three million euros.

Good practices to prevent SIM Swapping

Letslaw by RSM is aware of the consequences this type of scam can cause and, for that reason, we provide you with a list of good security practices that may help reduce your chances of being a victim of a SIM Swapping scam: 

  • Do not enter sensitive information such as passwords or bank details if your device is connected to a public Wi-Fi network.
  • Enable, if possible, biometric authentication methods, such as facial recognition or fingerprints. Where a password or code is required, our advice is to avoid easy ones that may be evident to anyone other than the owner, such as birth dates, addresses, or anniversaries. Additionally, it is recommended to avoid noting down important credentials on devices with internet access.
  • If your phone line connection suddenly stops working for no apparent reason, contact your phone company to report the incident. If they can confirm that your SIM card has been duplicated, immediately change the credentials to access your bank account and other frequently used services and contact the entities responsible for the service to report the scam.
  • Avoid accessing links contained in suspicious text messages or emails. It is common for cybercriminals to impersonate reputable institutions such as your bank, government entities or healthcare entities in order to gain access to your personal data. Consequently, if you receive a message that does not match the standard format or content of the entities you trust and/or if the sender is not an official number or account, do not share any information with them and contact the relevant entity as soon as possible to find out if they are responsible for the communication you received. 

How to react if you are a victim of a SIM Swapping cyber attack

Victims of a SIM swap should inform their bank entities about the incident as soon as possible and provide them with the documentation issued by the police so that the entity can proceed to refund the charges made by the cybercriminal. In this regard, the Spanish legal system mandates that banks must return the money spent by the cybercriminal to the victim unless they can prove that the alleged victim is acting fraudulently or that the victim has demonstrated some kind of negligence.
