Miscellaneous 3 min. read

How hackers can drain your bank account using the SIM card scam

How hackers can drain your bank account using the SIM card scam

These days, it’s tough to protect your personal information. Things like your name, date of birth, address, phone number, and of course Social Security number are all at risk, and with our reliance on social media and our willingness to share personal details online, hackers are finding it easier than ever to steal our identities.

If that wasn’t enough, there’s one more thing to worry about: Scammers are now targeting your cell phone.

What is the SIM card scam?

You probably know that most phones have a SIM card. It’s a small chip that assigns phone numbers and helps to identify your phone on the network. If your phone is ever stolen or lost, your cell phone provider will give you a new SIM card. And criminals have figured out how to use this against you.  

Here’s how it works:

First, they steal your personal info, like your name, phone number, and account information. They’ll typically target you multiple times via phishing emails (emails that look legit but actually contain spammy links), and scour your social media profiles for other opportunities to piece together your personal information.

Then, they contact your cell phone carrier and pretend to be you. They say they lost their phone and have to get a new SIM card. As soon as they get that SIM card, all of your calls, texts, and everything else is now delivered right to the scammer. Your actual phone, of course, is now deactivated.

While annoying, this might not seem like it could be overly dangerous. But it’s here where things get much worse.

As soon as they get access to the data on your SIM card, they try to hack into your bank account by using two-factor authentication codes. Remember when you sign into your online bank account and it asks for your password (which you can reset via your mobile phone) and, most importantly, for you to enter the code it just text you? Well, now the hacker gets that code sent directly to them.

SIM fraudsters will make money withdrawals using what’s called a parallel system. They create a second bank account under your name (given you’re already a customer, the security checks are minimal). When the criminals execute a transfer between the two accounts, it appears to the bank’s computer system as though you are simply transferring funds between your two parallel accounts.

Once you actually realize what’s happening, all of your cash might be gone.

SIM card scam

How to protect yourself against the SIM card scam

The SIM card scam is becoming increasingly popular among hackers. Since 2013, incidents practically tripled to almost 3,000 cases per year. The best way you can protect yourself is to add a PIN to your cell phone account. We’re not talking about the PIN on your phone, but an actual passcode that is required whenever you make any change to your account. This extra layer of security can help prevent a hacker from fooling the agent into thinking they’re you.

AT&T

You can set up your PIN on AT&T online. Log into your account, and then view your profile. Click on Sign-In Info, then Wireless Passcode, and then Manage Extra Security. Here is the option to create your PIN.

Verizon

If you have Verizon, the easiest way to set up a PIN is to go to VZW.com/PIN. You can also go to a local Verizon store or call Verizon at 800-922-0204.

T-Mobile

To set up your PIN on T-Mobile’s network, you can call 800-937-8997 or 611 on your mobile phone.

Sprint

Sprint requires all customers to have a PIN. To check it or update it, log into your Sprint account.

Don’t forget about SIM card scam prevention

One way criminals might have got your name, phone number, and account number is by hacking your device on free WiFi. Whenever you are using a public WiFi connection your risks of being hacked go up exponentially. Protect yourself by installing a secure and trusted VPN like Hotspot Shield which encrypts all your data on unsecured WiFi. Also be wary of the information you share online. In some cases, it’s literally as easy as scrolling through your Facebook feed to discover your location, phone number, email address, and other personal information.

Fighting against scammers is getting harder all the time. This is why it’s so important to keep up with the latest security measures. The more you do to protect your sensitive information, the better off you are going to be.

Download Hotspot Shield

Photo via Simon Yeo on Flickr

Get the latest stories and tips from Hotspot Shield in your inbox