Sim Swap Fraud

What is SIM Swap Fraud?

SIM swap fraud occurs when a fraudster convinces your mobile phone provider to transfer your number to a SIM card they control. This allows the scammer to take control of the number, which gives them access to your calls and text messages, as well as one-time passwords (OTPs) and two-factor authentication (2FA) codes sent by banks and other online services. This can allow them to reset account passwords, access emails, and potentially steal money or sensitive data.

How the Scam Works

1. Gathering Personal Information: The scam begins with a fraudster gathering personal details about you. This can be achieved through phishing emails, social engineering, previous data breaches, or by reading your social media posts.

2. Impersonation: Using the stolen information, the fraudster pretends to be you and passes any security checks required by your phone service provider.

3. SIM Swap: Once they have passed the security checks, the fraudster can convince your provider to transfer your phone number to a SIM card they control.

4. Account Takeover: With control of your number, they intercept calls and texts, including one-time passwords, allowing them to access your financial and social media accounts.

Warning Signs of Sim Swap Fraud

• Loss of phone service: If your mobile suddenly stops connecting, and you can’t make calls or send texts, this could be an early sign of SIM swapping.

• Unexpected activity notifications: Your mobile phone provider may notify you that your SIM card or phone number has been activated on a different device.

• Loss of access to accounts: If your login credentials no longer work, fraudsters may have taken over your accounts. Contact the relevant organisations immediately - especially your bank, if you can’t access your online banking account.

• Contacts receiving suspicious messages from you: Fraudsters may impersonate you to scam others. If friends or family receive unexpected money requests or other unusual messages from you, take immediate action.

How to Protect Yourself from Sim Swap Fraud

Secure Your Mobile Account

• Contact your network provider: Ask about additional security measures, such as PIN protection for SIM swaps.

• Enable SIM lock features where available.

Protect Personal Information

• Avoid oversharing on social media: Don’t post details like birth dates, pet names, or schools, which are often used in security questions.

• Be cautious of unsolicited emails, calls, or texts: Never click on unknown links or provide personal details to unverified sources. These may allow fraudsters to access personal data which can then be used to convince the mobile phone network that they are you.

Strengthen Online Security

• Enable Two-Factor Authentication (2FA): 2FA helps keep cyber criminals out of your accounts, even if they know your passwords. Using biometrics, such as your fingerprint, or authenticator apps can be more secure than SMS-based 2FA, as scammers can intercept text messages through SIM swap fraud.

• Use strong, unique passwords: The National Cyber Security Centre suggests combining three random words to create a strong and memorable password. Adding numbers and symbols will will further enhance your password security.

• Keep software updated: Ensure your phone, apps, and security software are always up to date.

What to Do If You Suspect SIM Swap Fraud

• Call your mobile provider immediately: If you receive an unsolicited text or email about your SIM being transferred, a Personal Access Code (PAC) request, or if your phone suddenly loses service, report it to your provider right away.

• Contact your bank and other financial institutions: The fraudster may attempt to make a money transfer online or over the phone. Alert your bank immediately so they can block any unauthorised transactions.

• Change passwords on all critical accounts: Update login credentials and enable two-factor authentication (2FA) where possible.

• Check for unauthorised transactions: Review your bank statements and report any suspicious activity.

• Report the fraud: Report the fraud to your local authorities or fraud prevention services. You can call the Cyber and Fraud Hub at 0808 281 3580 if you suspect fraud.

You can also record your details with Cifas, the fraud prevention service, to apply for protective registration. Once you have registered you should be aware that Cifas members will carry out extra checks to identify when anyone, including you, applies for a financial service, such as a loan, using your address.

Additional Links

Support and Wellbeing:

• Protecting yourself against cybercrime - Police Scotland - Helpful resources on how you can protect yourself against the different forms of cybercrime from Police Scotland.

• Cyber Aware - NCSC - Advice on how to stay secure online from the UK's National Cyber Security Centre (NCSC).

• Social Media: how to use it safely - NCSC - Social Media guidance from the NCSC.

• Social media: protecting what you publish - NCSC - Social Media guidance from the NCSC.

• Crimestoppers - Independent UK charity taking crime information anonymously.

• Victim Support Scotland (VSS) - VSS offers free, independent and confidential support for victims, witnesses and their families.

• Contact Us | Samaritans - Samaritans offer listening and support to people and communities in times of need.

• SAMH (Scottish Action for Mental Health) - SAMH provide mental health support and accessible, practical information.

• Cyber Scotland - A strategic partnership offering regular updates on cyber in Scotland and resources to improve cyber resilience.

• Online Abuse - Get Safe Online - Information on Online Abuse from Get Safe Online

If you have been a victim of crime and it is not an ongoing emergency, you can report this to Police Scotland by calling 101. For all emergency calls, please dial 999.