As we become more reliant on mobile devices, security risks increase. The National Police has warned about a new digital fraud that has gained notoriety in recent years. This is SIM swapping and consists of criminals take control of a telephone line to access the victim’s personal information, bank accounts and social networks. But how do they achieve it?
The process begins with the scammers collecting personal data of your target, such as full name, phone number, address or even financial details. This data is usually obtained through practices such as phishing, hacking, social networks or database leaks. In addition to traditional social engineering methods, another strategy used by scammers, BBVA highlights in a publication, is the creation of fraudulent applications specifically designed to steal sensitive information. These applications, which appear legitimate, are installed on victims’ devices and collect personal data without their knowledge.
Once they have enough information, the criminals contact the victim’s telephone operator. Using precisely the collected data, they convince the provider that they need to transfer the number to a new SIM card, claiming loss or damage to the original device. If the operator does not detect the fake, it activates the number on a SIM controlled by the scammers. “If you fall for this scam, cybercriminals could have access to your calls or messages, especially the verification codes that your bank sends you to confirm transactions. With this they could impersonate your identity, carry out fraudulent transactions and leave your accounts at zero,” the agents warn.
The Civil Guard advises to pay attention to various signs that could reveal a SIM swapping attack, such as receiving notifications about unsolicited changes to your accounts, either through messages or emails. These alerts could indicate attempts by third parties to take control of your data.
Another key sign that the Armed Institute highlights is the sudden loss of mobile connection, without a clear reason, as this could mean that the SIM card has been deactivated. Furthermore, the unrecognized bank charges or suspicious movements in your accounts represent another sign that attackers could be accessing your funds.
We can take simple measures to protect ourselves against this type of fraud. The National Police emphasizes that it is crucial to reinforce security measures on accounts and telephone numbers, for example, activating two-factor authentication Application-based (2FA): Using tools like Google Authenticator or Authy instead of SMS codes reduces vulnerability.
It is also important to establish a Additional PIN with the mobile operator and use strong passwords. Ask your provider to only allow SIM changes with an additional security code. Finally, cybersecurity experts ask you to avoid sharing personal information on social networks and monitor activity in your bank and email accounts: any unusual access should be reported to the authorities immediately.
