Can a SIM swap attack clear out your bank accounts without warning?
Take a look at the viral warning, and find out what the facts really are!
Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!
This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.
The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.
Truth : SIM Swap Attack Are Real, But Don’t Work Like That
The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.
Here is what you need to know about the viral message, and SIM swap attacks.
Fact #1 : SIM Swap Attacks Are Not New
SIM swap attacks are really not that new. They have been around at least since 2015.
Fact #2 : Viral Message Is Partly Fake
The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.
In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.
Fact #3 : Straits Times Article Was Not About SIM Swap
The fake news creator added a link to a Straits Time article, to mislead you.
That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS with a link that took him to a fake website that “looked exactly like the OCBC login page“.
The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.
It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.
Fact #4 : SIM Swap Attack Generally Does Not Require Any Action
In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.
All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.
Fact #5 : SIM Swap Attack May Require Action In Some Cases
The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.
In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :
- The scammer will call the victim, claiming to be from their mobile service provider.
- The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
- The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
- The mobile service provider will automatically send an SMS to confirm the swap.
- Once the victim confirms the swap, his/her SIM card will stop working.
- The scammer now has access to the victim’s mobile number.
Fact #6 : SIM Swap Attack Does Not Hack Your Phone
The SIM swap attack does not involve any hacking of your phone.
You only lose access to your mobile number. Your phone is not hacked.
Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts
Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.
This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.
However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.
That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.
Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!
Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.
With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).
Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.
The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).
- Did Bill Gates Call For Withdrawal Of COVID-19 Vaccines?
- Can Hackers Use Good Morning Greetings To Hack You?
- Did Joe Biden Fire Over 200 Marines For Not Taking Vaccine?
- Does July 2022 Happen Once Every 823 Years?
- Did US Supreme Court Just Cancel Universal Vaccination?!
Go Back To > Cybersecurity | Mobile | Tech ARP