Ontario police warn of SIM swapping fraud


Ontario residents are being warned about a relatively new kind of fraud called "SIM swapping" in which criminals steal personal information via cellphone in order to access a victim's bank accounts, email and social media.

 A "fraudster" will impersonate a person and call their mobile service provider to report a lost or stolen phone, said Ontario Provincial Police and the Ontario Serious Fraud Office.

Then, the fraudster will link the victim's phone number to a new SIM card and device that they control.

At that point, the fraudster will download a series of popular apps and will select the "forgot password" button on all of them. 

If an account is connected to a phone number or email address, the fraudster will receive a verification code. They then use the code to confirm ownership of the account, create a new password and take over the victim's accounts, police said.

From there, they gain direct access to your personal information, calendar, contacts and more, police said.

"Fraudsters may empty your bank accounts, apply for credit in your good name, or impersonate you to defraud your entire contact list," said Ontario Provincial Police, along with Ontario's Serious Fraud Office and the Canadian Anti-Fraud Centre in a press release.

"In the meantime, you lose access to your mobile service, are typically locked out of all your accounts, and are left scrambling."

This fraud involves the use of "phone number porting." It's concerning, the OPP says, and incidents have been reported to police.

'Fraudsters may empty your bank accounts, apply for credit in your good name, or impersonate you to defraud your entire contact list. In the meantime, you lose access to your mobile service, are typically locked out of all your accounts, and are left scrambling,' the OPP says. (Kacper Pempel/Reuters)

Ways to protect yourself, police say

But the OPP says there are ways that people can protect themselves, such as:

  • Keep all personal information personal. It is as simple as not publishing a date of birth on social media.
  • Do not answer phishing emails or text messages asking to confirm a password or update account information.
  • Use an offline password manager.
  • Contact a phone provider and ask about additional security measures that may be available.
  • If you lose mobile service on your device, contact a service provider immediately.

"Go with your gut. If a message seems fishy, it probably is," the OPP said.

Anyone who is a victim of fraud is urged to call police.

When a SIM card is swapped, the victim can still use their phone, but they cannot make or receive phone calls.

SIM cards, or subscriber identification modules, are used by cellphone carriers to store information on services about a subscriber's identity, the OPP said.

Through a SIM card, a phone number and a mobile service are connected to a particular mobile device. A subscriber then connects dozens of accounts to his or her mobile device through the use of apps.

Many logins of these accounts are often linked to an email address, a phone number or both, police said in the release.



from Hacker News https://ift.tt/2NvljcP