Skip to main content

Sim-swap fraud: the latest scam

Sim-swap fraud can be an incredibly lucrative scam, leaving victims without access to their phones, and in many cases their bank accounts. According to Action Fraud, between January and June of 2020, there were 483 cases, with each victim losing around £2,500 on average. We’ve been looking into sim-swap fraud, and what smartphone users can do to prevent themselves from becoming part of these statistics.

What is sim-swap fraud?

Sim-swap fraud is where a hacker convinces your mobile phone network to transfer your phone number to their Sim card. They do this by calling your network customer services helpline, and requesting the Porting Authorisation Code (PAC), which enables users to move their numbers to different networks.

Once the perpetrator has access to your phone number, they also gain access to all of your calls and text messages. From here, the perpetrator can attempt to reset your passwords on accounts and applications. From here, the hacker can access an email account, and with your email account and phone number, is also likely to be able to access your bank and credit cards. 

The hacker can then empty your accounts, apply for loans in your name or make purchases, costing you thousands of pounds. 

How does sim-swap fraud work?

The key part of sim-swap fraud is that it involves some social engineering; essentially convincing someone who works for your phone network that they are you, and that they need to swap your phone number to their sim card. 

There are a number of things that mobile networks have in place in order to protect themselves against these kinds of hacks, such as only sending the PAC to the original Sim card, which prevents perpetrators from moving forward with this kind of scam.

However, one of the ways that hackers will try to gain the trust of the customer service representative, and convince them to hand over the PAC, is by correctly answering security questions about the victim’s likes, hobbies and family.

This is a really effective way of convincing the network provider that the fraudster is legitimate, and thanks to social media, it’s very easy for the fraudster to collate this kind of information. Hackers can easily target a victim who posts about their pet or favourite sports team, and wait for the right security question to crop up.

What can you do to stay safe?

One of the key factors in a successful sim-swap fraud is the social engineering element, and how effectively the perpetrator can impersonate you through answering those security questions. By making your social media accounts accessible only to your friends, you’re preventing perpetrators from mining that information and using it against you.

Another way of protecting yourself against this scam is by answering the security question with a passphrase, or adding a password to your mobile account. If you do receive a text about your Sim being swapped, contact your network provider immediately, and let your bank know that you may be at risk.

Tweet us @TranscenditUK


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
The usual 1st class service that I've come expect as the norm! Dave Wales, Chirmarn

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner