Smishing, vishing and SIM card swap theft scams

Explaining the smishing (SMS phishing), vishing and SIM card swap and theft scams

Example of a smishing text message on a smartphone. As you should be able to see, the website address is not NatWest bank’s. But even if it looked as if it was, never provide login information to any bank website accessed from an email; always enter the bank’s site address yourself in the address bar to log in.

Being knowledgeable about security on the Internet is paramount for your financial health.

Falling victim to the following social-engineering frauds by cyber criminals – smishing, vishing and SIM-card swap scams – can result in large financial losses.

Social-engineering frauds rely on cyber criminals using information about their victims that they obtain from the web legally. Most of it comes from social media sites, such as Facebook, Google Plus (G+) and Twitter. The intention of the criminals is to dupe their victims into taking actions that enable them to gain access to smartphones and bank accounts.

The smishing (SMS phishing) and vishing scams

SMS Smishing

Phishing is the name for the fraud that employs the standard email system in order to obtain user names and login information, which is then used to raid bank accounts, such as PayPal, and store accounts, such as Amazon, eBay, etc. SMS phishing, also known as smishing, uses SMS (Short Message Service), the service that the mobile-phone systems use to send text messages, to deliver mobile phishing fraud.
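The caption at the top of this page points out that the link in the text is not NatWest’s address. As an added illustration (not code from this article), the Python below shows how a message filter could compare the host name of each link in a text with the bank’s real domain; `natwest.com` as that domain, the function names and the sample text are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the domain the bank really uses (here NatWest's public site).
BANK_DOMAINS = {"natwest.com"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def extract_urls(message):
    """Pull link-like strings out of an SMS body."""
    urls = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation stuck to the link
        if not url.lower().startswith(("http://", "https://")):
            url = "http://" + url
        urls.append(url)
    return urls

def classify_link(url, bank_domains=BANK_DOMAINS):
    """Return (is_bank_domain, reason). True never means the text is safe to follow."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed address"
    if not host:
        return False, "no host name"
    if parts.username is not None:
        return False, "text before '@' is not the site address"
    try:
        ipaddress.ip_address(host)
        return False, "raw IP address instead of a name"
    except ValueError:
        pass  # not an IP address, carry on with name checks
    if "xn--" in host or not host.isascii():
        return False, "internationalised look-alike name"
    if any(host == d or host.endswith("." + d) for d in bank_domains):
        return True, "host is the bank's domain or a subdomain of it"
    if any(d.split(".")[0] in host for d in bank_domains):
        return False, "bank name embedded in a different domain"
    return False, "unrelated domain"

def check_message(message):
    """Classify every link found in one SMS."""
    return [(url, *classify_link(url)) for url in extract_urls(message)]

# Constructed sample text; .example is a reserved, non-resolvable domain.
SAMPLE_SMS = ("NatWest: a new payee was added to your account. If this was "
              "not you, visit https://natwest.com.secure-login.example/verify.")
```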

Use the web search queries “SMS phishing” and “smishing” to read about the people who have fallen victim to that type of fraud.

Vishing

Why you should never provide your bank account’s login information over the phone

This fraud, known as “vishing”, involves cyber criminals using various dishonest means to persuade victims over the telephone to provide them with personal information or to transfer money.

The following is a link to a typical story in which the elderly victim, ignorant of Internet security, was persuaded to provide login information to her bank account, including the code provided by the log-in machine in her possession. In this case, the woman was asked to phone the number on the back of her bank card because the thief knew that his call to her would not be disconnected immediately and that the conversation with the thief could be continued. Hence this advice from the UK’s financial ombudsman: “If you have concerns about a call, phone the police non-emergency number 101 on a different telephone or allow at least five minutes for the line to clear.”

For example, the Nationwide Building Society provides its users with a machine. They have to switch it on and enter a PIN number and then follow a process that generates an online login number.

Users can also obtain a login code via a mobile and/or landline phone.

For example, Tesco Bank allows its users to provide both their mobile and landline phone numbers. They then have the choice of which phone receives the login code that must be entered during Tesco Bank’s login process.

Under no circumstances must you ever provide that code to anyone over the phone, no matter who they say they are.

I lost £17,500 in ‘vishing’ scam – because ‘I didn’t watch The One Show’ –

https://www.telegraph.co.uk/finance/personalfinance/bank-accounts/10882193/…

The SIM card swap scam

The SIM card swap scam uses the ability of the thieves to cancel the SIM card for someone’s mobile phone by using personal information obtained from social media or purchased from cyber criminals.

For example, if a mobile phone is reported as lost or stolen, Vodafone used to require only the name, address and date of birth of the account holder in order to cancel an existing SIM card and issue a new one. If thieves have that information, they could report a phone as lost or stolen and get the new SIM card delivered to their address. Unbelievable but true. I do not know if that is still the case. Probably not.

The thieves would then use a phishing or smishing scam in order to obtain the phone owner’s bank account’s user name and password. Then, all the thieves need to clean out a bank account is the login code that most banks provide via the account holder’s mobile phone, which they would have in their possession. Having someone’s SIM card in any unlocked phone makes it possible to use that phone account as if you are the real owner.

Note that a PayPal account, which can be linked to bank and credit card accounts, and an Amazon account each require only an email address and password to log in. Therefore, you must be particularly careful never to provide that information to anyone.

Why you should never use short passwords with 8 characters or less –

Never use short passwords of 8 characters or less

Here is a link to a typical story in which the SIM card swap scam was used to clean out a bank account and take out a loan in the victim’s name.

Sim-swap fraud claims another mobile banking victim –

https://www.theguardian.com/money/2016/apr/16/sim-swap-fraud-mobile-banking-fraudsters

Relevant articles on this website worth reading

  1. Cyber criminals and hackers use Facebook to obtain personal information
  2. Many Google Android mobile phones are easily hacked