BEWARE THE SIM SWAP SCAM!

by Doah Sto. Tomas

With the rise in cybersecurity threats and data breaches, companies have been advising people to turn on multi-factor authentication (MFA).  This basically involves using more than one method of authenticating a user.

For example, a website may require you to enter your username and password, then send an SMS message to the mobile phone number you specified during registration.  The code in the SMS message is randomly generated hence the term One-Time-Password (OTP). You need to enter the OTP in order for you to gain access to the website.

Likewise, mobile banking apps on your phone also implement MFA by requiring you to enter your username and password, then also send you the OTP (usually on first time access).  They also normally require the use of OTP for transaction that involve payments, fund transfers, or any changes to your user account info.

Sounds like a very secure way of doing transactions right?  Someone would need to steal your phone (or your SIM) in order to obtain your OTP in order to impersonate you and perform transactions in your name.  This is basically a form of IDENTITY THEFT.

Scammers and crooks have always been busy trying to find ways of defeating the latest security measures.  The latest wave of identity theft goes by several names. Some call it the SIM swap scam, others call it SIM splitting fraud.  But whatever name you prefer to call it, here is some of the common ways the scam is committed:

• Someone claiming to be a Telco representative offers you a SIM upgrade. All you need to do is turn in your old SIM card so they can replace it with a new SIM card with upgraded features.  Unless you’re actually at the Telco branch talking to the customer sales representative sitting behind the desk, do not surrender your SIM!  The moment you surrender your SIM card, these crooks now have access to your OTP and can start attempting to change your user account information so they can eventually make fraudulent transactions.

• Another way this scam is performed is with the help of someone within the Telco company itself. There have been stories of Telco staff participating (either willingly or unwillingly) to illegally provide duplicate SIM cards to criminals organizations and scammers.

• Some may even go to the Telco branch and claim to be you and report your SIM card as missing and request for a replacement SIM card.

Regardless of the method, the end result can be devastating for you and your family.  Your entire life savings or retirement fund can be wiped out should you fall for this scam!

To combat this kind of criminal activity and fraud, the following tips may prove to be a life-saver:

• Needless to say, ALWAYS turn on MFA on all your mobile devices
• If available on your device, use biometric (i.e. fingerprint or facial recognition) authentication
• Regularly change your password (every 90 days is a good interval)
• Always use long complex passwords that only you can remember. If you love eating ice cream, an example of complex password can be “Ic3Cre@mSunda3!”
• If you don’t like remember many passwords, you can use a password manager so that it will take care of generating complex and randomized passwords for each website you visit, and you will only need to remember the master password. Don’t take our word for it, check out this list of recommended password managers:  https://tinyurl.com/y7vuowqa

At the end of the day, knowledge about these scams and vigilance on our part will be our weapons against these criminal elements that want to steal your hard-earned money!