As scammers keep switching from one strategy to another, it becomes increasingly difficult to curb SIM swap fraud. Victims also stand to lose heavily from this financial crime.
By Michael Akuchie
In countries worldwide, a SIM card is considered a key part of a person’s digital identity. In some cases, it is even linked to their national identity cards. While this is not the case in countries like the United States, a country like Nigeria mandates that new SIM card owners link the number attached to the SIM card to their National Identity Number (NIN).
Like email addresses, the numbers assigned to a SIM card also play a significant role in helping the owner easily confirm their identity when opening a bank account, crypto wallet, or Telegram account. SIM cards are incredibly valuable to us, whether they are removable or permanently soldered into a smartphone as an eSIM.
So, what happens when you wake up one morning and learn that you can no longer make calls or send text messages? You can no longer find network bars on your device. What’s more? Logging into Facebook or X becomes impossible as you are told your account login details have been recently changed.
In some instances, the inability to call or access social media accounts pales in comparison to learning that one’s bank account has been recently emptied.
SIM swap fraud is a popular type of cybercrime across the world where scammers take control of a victim’s phone number and use it for nefarious reasons. As illustrated in the previous paragraph, the consequences range from an inability to make calls to being bankrupt. In some cases, the victim’s identity can even be used to commit crimes, thereby placing them on the radar of local, and even international, law enforcement depending on the gravity of the offense.
How does SIM swap fraud work? Essentially, a hacker can obtain a target’s phone number through a variety of clever ways. For instance, the hacker could stalk a person’s social media pages, gathering as much personal information as possible. In some instances, they could pretend to be a telecom company and send the victim an email or text message.
In the mail or text, the scammer will urge the victim to click the attached link which then takes them to a dubious page where they will be required to input certain personal information such as their mother’s maiden name, home address, email address, and the like.
Usually, the trick is to claim that the victim will lose access to their phone number should they fail to click the link. A typical example of phishing, many people often fall for this trick due to the human nature of curiosity.
When they believe they have enough information, the scammers will call the target’s telecom operator, pretending to be the target. The next step usually involves claiming to have lost their device or damaging the current SIM card and desiring a SIM swap. According to MTN Nigeria, a SIM swap is perfectly legal provided the customer has legitimate reasons to request a swap.
Usually, the support staff handling the swap request will want to confirm the customer’s identity. This could involve asking a security question and sending a one-time password (OTP) to their email address. By this time, the hackers would have already infiltrated your email and can intercept incoming emails. Once the scammer has proven that they are indeed the rightful owner of the phone number, the number is migrated to a different SIM card that the scammer owns.
Scammers operate differently, a fact that makes them difficult to pin down. While some will impersonate a victim and rely on the personal information gathered to scale any potential hurdles, some scammers can have an inside man in the telecom company who easily grants their SIM swap request.
As scammers keep switching from one strategy to another, it becomes increasingly difficult to curb SIM swap fraud. Victims also stand to lose heavily from this financial crime. In 2019, Nigeria’s Economic and Financial Crimes Commission (EFCC) apprehended three suspects in a SIM swap fraud case where a victim was defrauded to the tune of N7.1 million.
In the 2023 edition of Annual Crime Statistics, a report released by the South African Banking Risk Information Center (SABRIC), SIM swap fraud cases accounted for 58% of mobile banking fraud cases.
Similarly, in 2022, Safaricom, a leading telecom company in Kenya was sued by Abdi Zeila, a victim of SIM swap fraud who accused the company of failing to safeguard the registration details of customers. The telecom company’s failure to protect his personal information, Zeila said, led to him losing 495,651 Kenyan Shillings (N5.9 million).
Beyond financial losses, victims risk having their identities stolen to commit crimes, receive high-interest short-term loans, and tons more. This could lead to them getting arrested if apprehended by law enforcement. Victims also risk suffering varying degrees of mental health crises due to the build-up of stress and anxiety in their minds.
Increased cases of SIM swap fraud can also lead to reduced trust in digital systems, thereby reducing the number of people willing to support government-led digital-based initiatives such as electronic voting and digital identity services.
Tackling SIM swap fraud is no easy task given its complicated nature and the fact that scammers have various ways of achieving their goals. However, regulatory bodies can decrease this scourge by imposing stricter guidelines on telecom operators regarding identity verification before approving a SIM swap request. Heftier fines should be introduced, thereby causing telecom operators to take the safety of subscribers’ data seriously.
Banks should also consider implementing AI-driven fraud detection systems to flag suspicious activity on a customer’s account long before money is stolen. World governments should also look into the prospects of implementing stronger data protection laws for citizens’ sake.
Nothing beats public awareness, and all parties involved—telecom companies, banks, and even regulators—must constantly sensitise people on the dangers of clicking on suspicious links and how to protect their personal data.
Although SIM swap is quite difficult to spot before it happens, taking necessary precautions can help frustrated scammers. Consider limiting the number of people who can view your social media profiles to just friends and family.
Constantly updating your passwords can also play a huge role in safeguarding your information. Remember that telecom companies will never email or text you, asking that you click a link to keep your line from being barred. Phishing messages usually have an urgent tone, so spotting such messages should be quite easy.
Michael Akuchie is a tech journalist with four years of experience covering cybersecurity, AI, automotive trends, and startups. He reads human-angle stories in his spare time. He’s on X (fka Twitter) as @Michael_Akuchie & michael_akuchie on Instagram.
Cover photo credit: Forbes