SIM swapping: what it is, how to prevent it and what to do if your mobile phone has been stolen

In Spain, almost 300,000 mobile phones are stolen every year. In other words, about 30 devices are stolen every hour. This is an ‘interesting business’ for the pickpockets and thieves who sell them at laughable prices compared to what they cost their owners brand new. But mobile theft is becoming the goose that lays the golden eggs for organized hacker groups.

Although the immediate damage of losing the latest model of Apple, Samsung or XiaoMi can be between 300 and 1,300 euros depending on the model, the real problem comes if the person who stole your mobile is, besides a pickpocket, a cyber criminal.

If that is the case, you could become a victim of SIM swapping, the technique used lately by hackers who duplicate their victims’ mobile SIM card. Thus, they can access all of their victim’s personal information and, above all, they can use it in the mobile verification that all banks usually ask for when operating over the Internet.

This means that although most bank apps are very secure, with complex protocols for access keys, encryption of communications and virtual keyboards, digital scammers are able to bypass security through a technique called “social engineering“, which consists of deception through techniques of persuasion and psychological manipulation.

However, instead of directly conning the victims, SIM swapping is achieved by deceiving telephone store clerks. Hackers convince the mobile operators’ salesmen to transfer the telephone numbers to SIM cards controlled by them by means of a duplicate SIM.

In general, telephone operators always request that users go to official physical store of the service provider and that they provide personal data in order to authorise the duplicate of the card. However, human errors are possible.

On the other hand, one must remember that, for a ‘smart guy’, getting data from users with malware, phishing techniques or simply buying databases on the dark web, is very easy. Therefore, even if they don’t get the duplicate SIM, they might still be able to decipher the mobile access code.

There is no such thing as 100% security, but the banks are aware of security and have made improvements. Obviously, having an antivirus, antimalware, antispyware turned on is crucial, because security is not just a concern for the banks. It starts with the individual. If the device is compromised, any mobile operation is not safe. This is concerning if you are banking online, forget to publish a tweet or be flirting on social networks. Focus on what’s important and then do the rest” recommends Hervé Lambert, Global Consumer Operations Manager at Panda Security.

Tips to not fall victim to SIM Swapping

Follow these recommendations to avoid becoming a victim of SIM Swapping:

    • Use an additional password or double authentication : facial recognition, voice recognition, additional PIN, Google authenticator, etc.
    • strong>Don’t share too much information on the Internet. The more information there is about you on the web, the easier it will be for the bad guys to blackmail you, scam you or get other things from you (passwords, bank accounts, etc).
    • Do not store everything on your mobile : it’s not a safe. It’s an electronic device that’s not 100% secure.
    • Require your mobile operator to strengthen its security systems when it comes to operations on your behalf.
    • Messages through messaging applications (WhatsApp, Telegram, Line… type) are safer than SMS, since they are encrypted and the latter are not, making them more susceptible.
    • Do not link your bank accounts to your account or phone
    • Never give anyone your PIN code. Never!
    • Install an antivirus or security solution to prevent them from stealing or accessing your personal data.

    What to do if your mobile device has already been stolen:

    • Ask your service provider to block the IMEI of your phone;
    • Search for your phone the locator app
    • Cancel the SIM and ask for a duplicate of it.
    • Change all your passwords . All of them!
    • Report it to the Police
    • Report it to your service provider
    • Alert your contacts. Yes, all of them.
    • Block the device and delete the content remotely, if you can (if you have installed Panda, you can!).

Download Panda Mobile Security