Mutt
Professional
- Messages
- 1,457
- Reaction score
- 1,069
- Points
- 113
Contents
Increasing the level of security on your accounts by linking a cell number to them, and this is recommended by all well-known online services, can turn into even greater problems for the account owner. Fraudsters can not only steal your money using "your" SIM card, but also further use your personal data. Now you really need to be extremely careful and observe the security measures that will be discussed in the article.
In this review, we will talk about the ways of fraud with SIM cards, how to prevent them, and what to do if you find yourself in a problem situation.
Fraud cases
At the beginning of 2015, news spread all over the Internet, how the scammers managed to rob one high-ranking official for a large amount of money. And to do this, they just had to get a duplicate of his SIM card under a "fake power of attorney." At the same time, it should be noted once again that the victim had a ban on reissuing a SIM card in all offices of the mobile operator, except for one located in his hometown. Also, reissuance was possible upon presentation of a passport, and not a power of attorney.
During the day, the attackers were able to make several copies of the victim's SIM card at once, and this was done in different cities of the country. This incident caused a storm of outrage from users. Ultimately, this situation was resolved by the provision of compensation from the operator to the victim in the amount of $ 40 to the bonus account. At the same time, no one was held responsible for the leakage of confidential information.
In the same 2015, there was another resonant case that was widely discussed on the Internet. One citizen reissued a SIM card literally several times a day, and this was done in different cities and with a short time interval between each duplicate issue (almost simultaneously!). Her mail accounts were opened, and money was stolen from E-Wallet. And what is interesting, hacking attempts were repeated with enviable persistence even after the next visit to the office of the cellular operator.
Obviously, there was a conspiracy of the operator's employees with scammers, and mobile operator admitted this. And at the same time, the unpreparedness of cellular operators for this kind of fraud was revealed - this applies to all cellular companies. And, judging by the reviews on the Internet, there are already a fair number of cases of such fraud. And unfortunately things are still there - mobile operators cannot really protect their customers from such problems, which is why such frauds flourish.
In this case, we, ordinary people, need to become smarter and not allow such an outrage. As they say, the rescue of drowning people is the work of the drowning people themselves. To begin with, we offer you a short excursion into the methods of fraud, so that you can imagine how they can steal your money by taking possession of your SIM card.
SIM card fraud methods
A fraudster has only two ways to get hold of your SIM card: to steal your phone or to duplicate your SIM card in the office. To obtain a duplicate, a whole chain of fraudsters is usually involved, including current or former employees of the operator's company. A notary is also involved here, who in another city draws up a power of attorney without the consent and presence of the SIM card holder. But sometimes a duplicate is made without any powers of attorney - an obvious criminal conspiracy. After receiving a duplicate, your card is usually blocked by the operator. Consider the possible actions of fraudsters after receiving a duplicate SIM card or stealing a mobile phone.
Withdrawing funds from a SIM card
If your account does not have enough funds, then nothing will prevent the other person who has taken possession of your number, from there (cash out). Here are just a few ways to do it:
Withdrawing funds from a bank card through a mobile bank (sms-banking)
If you are a holder of any bank card (debit or credit), and you have the Mobile Bank sms-banking service activated (ie the card is tied to a cell number), then it will not be difficult for an attacker to transfer money from your card account to any cell phone or to any bank card. It is enough to dial a simple SMS command and send it to bank number from the cardholder's phone (which is not yours already or just for a while). This undoubtedly convenient service is called "Fast Payment", which in the wrong hands can play a bad service - a fraudster does not even need to find out your card number in order to transfer money from it. Fortunately, the transfer amount is limited.
Access to email and e-wallets
It will not be difficult to find out the mail (login) of the victim itself - they are all freely available. This is enough to recover the password by sending an SMS message by the postal service to the phone number that is linked to the account as the main number. After the attacker has entered the mail, he has access to your electronic wallets, because they are all tied to your mail address and so on. It remains only to withdraw all the money from the wallet, if the system does not suspect something was wrong. In the same way, they get access to electronic wallets WebMoney or QIWI.
Bank card access
This is a more serious situation, because knowing the details of your card, even with standard transfer limits, you can withdraw serious amounts from it. How to get the details (card number, expiration date, name and surname of the holder and CVV2 / CVC2 authentication code)? They are simply photographed when paying with a card at a point of sale or use more technically sophisticated methods (phishing or skimming). With this data in hand, a fraudster can bind it to a mobile phone account or to an electronic wallet and your money has disappeared (see cashing methods above)
We cannot 100% protect our SIM cards and accounts from such fraud, but we can still take some measures.
How to prevent such cases
Duplicate SIM cards are issued daily, however, the owner of the number is not always the recipient of them. To prevent such cases of SIM card fraud, you should:
What if you feel that something is wrong?
What should citizens do in the event that a SIM card, which is tied to a bank card, electronic wallet or to a mail account, has been stolen / lost / restored by agreement. Don't panic in the first place. Follow the steps below, then the likelihood that your money will be stolen will greatly decrease:
- 1. Cases of fraud
- 2. Ways of fraud with SIM cards
- 2.1 Withdrawing funds from a SIM card
- 2.2 Withdrawing funds from a bank card through a mobile bank (sms-banking)
- 2.3 Access to email and e-wallets
- 2.4 Access to a bank card
- 3. How to prevent such cases
- 4. What if you feel that something is wrong?
Increasing the level of security on your accounts by linking a cell number to them, and this is recommended by all well-known online services, can turn into even greater problems for the account owner. Fraudsters can not only steal your money using "your" SIM card, but also further use your personal data. Now you really need to be extremely careful and observe the security measures that will be discussed in the article.
In this review, we will talk about the ways of fraud with SIM cards, how to prevent them, and what to do if you find yourself in a problem situation.
Fraud cases
At the beginning of 2015, news spread all over the Internet, how the scammers managed to rob one high-ranking official for a large amount of money. And to do this, they just had to get a duplicate of his SIM card under a "fake power of attorney." At the same time, it should be noted once again that the victim had a ban on reissuing a SIM card in all offices of the mobile operator, except for one located in his hometown. Also, reissuance was possible upon presentation of a passport, and not a power of attorney.
During the day, the attackers were able to make several copies of the victim's SIM card at once, and this was done in different cities of the country. This incident caused a storm of outrage from users. Ultimately, this situation was resolved by the provision of compensation from the operator to the victim in the amount of $ 40 to the bonus account. At the same time, no one was held responsible for the leakage of confidential information.
In the same 2015, there was another resonant case that was widely discussed on the Internet. One citizen reissued a SIM card literally several times a day, and this was done in different cities and with a short time interval between each duplicate issue (almost simultaneously!). Her mail accounts were opened, and money was stolen from E-Wallet. And what is interesting, hacking attempts were repeated with enviable persistence even after the next visit to the office of the cellular operator.
Obviously, there was a conspiracy of the operator's employees with scammers, and mobile operator admitted this. And at the same time, the unpreparedness of cellular operators for this kind of fraud was revealed - this applies to all cellular companies. And, judging by the reviews on the Internet, there are already a fair number of cases of such fraud. And unfortunately things are still there - mobile operators cannot really protect their customers from such problems, which is why such frauds flourish.
In this case, we, ordinary people, need to become smarter and not allow such an outrage. As they say, the rescue of drowning people is the work of the drowning people themselves. To begin with, we offer you a short excursion into the methods of fraud, so that you can imagine how they can steal your money by taking possession of your SIM card.
SIM card fraud methods
A fraudster has only two ways to get hold of your SIM card: to steal your phone or to duplicate your SIM card in the office. To obtain a duplicate, a whole chain of fraudsters is usually involved, including current or former employees of the operator's company. A notary is also involved here, who in another city draws up a power of attorney without the consent and presence of the SIM card holder. But sometimes a duplicate is made without any powers of attorney - an obvious criminal conspiracy. After receiving a duplicate, your card is usually blocked by the operator. Consider the possible actions of fraudsters after receiving a duplicate SIM card or stealing a mobile phone.
Withdrawing funds from a SIM card
If your account does not have enough funds, then nothing will prevent the other person who has taken possession of your number, from there (cash out). Here are just a few ways to do it:
- Mobile transfer from your account to the account of another number of the same mobile operator. The amount sent can be cashed in various available ways.
- Payment for services / goods on the Internet. If you pay attention, often when paying for a product in an online store, you may be offered to write off money from your mobile account, albeit with a large commission, but this does not matter for a fraudster.
- Withdrawing money to a card / electronic wallet using third-party online services, for example, MOBI.Money.
Withdrawing funds from a bank card through a mobile bank (sms-banking)
If you are a holder of any bank card (debit or credit), and you have the Mobile Bank sms-banking service activated (ie the card is tied to a cell number), then it will not be difficult for an attacker to transfer money from your card account to any cell phone or to any bank card. It is enough to dial a simple SMS command and send it to bank number from the cardholder's phone (which is not yours already or just for a while). This undoubtedly convenient service is called "Fast Payment", which in the wrong hands can play a bad service - a fraudster does not even need to find out your card number in order to transfer money from it. Fortunately, the transfer amount is limited.
Access to email and e-wallets
It will not be difficult to find out the mail (login) of the victim itself - they are all freely available. This is enough to recover the password by sending an SMS message by the postal service to the phone number that is linked to the account as the main number. After the attacker has entered the mail, he has access to your electronic wallets, because they are all tied to your mail address and so on. It remains only to withdraw all the money from the wallet, if the system does not suspect something was wrong. In the same way, they get access to electronic wallets WebMoney or QIWI.
Bank card access
This is a more serious situation, because knowing the details of your card, even with standard transfer limits, you can withdraw serious amounts from it. How to get the details (card number, expiration date, name and surname of the holder and CVV2 / CVC2 authentication code)? They are simply photographed when paying with a card at a point of sale or use more technically sophisticated methods (phishing or skimming). With this data in hand, a fraudster can bind it to a mobile phone account or to an electronic wallet and your money has disappeared (see cashing methods above)
We cannot 100% protect our SIM cards and accounts from such fraud, but we can still take some measures.
How to prevent such cases
Duplicate SIM cards are issued daily, however, the owner of the number is not always the recipient of them. To prevent such cases of SIM card fraud, you should:
- use only the numbers that are issued personally to you. This makes it possible to contact the operator as soon as possible to solve the problem. Better not to use anonymous SIM cards;
- try not to link all your accounts or bank cards to one number;
- have a separate SIM card for working with Internet banking and with a mobile bank. If possible, it is recommended to issue a foreign personal number (as experts advise on the forums), which will almost completely protect you from cases of a duplicate. It is better not to tell this number to anyone - not to tell even your close friends;
- use a separate SIM card for Internet banking on a separate phone (better than the simplest, push-button). On the simplest phone, you physically cannot "catch" a virus that intercepts SMS messages and can itself send commands to transfer money with an active SMS banking service. That is why it is categorically not recommended to log into the Internet bank via a browser or even a mobile application on a smartphone whose number is tied to a card (although working with the latter is much safer);
- if you use a smartphone, make sure that no unnecessary applications are installed on it. Be sure to install an antivirus. All applications must be installed only using links from trusted sources (in the application store, for example, on GooglePlay, there are many infected programs that can be linked to from unscrupulous sources). In addition, the use of e-mail or a browser can also entail negative consequences (the same phishing), which are described above. It is better to disable geolocation and other services on it;
- do not give your phone or SIM card to other people;
- ask the bank employees about alternative methods of confirming payments. It can be an e-token smart card that generates one-time passwords, crypto calculators and other methods;
- ask your mobile operator about the possibility of prohibiting actions with your SIM card by proxy. This service is offered by several Russian operators, including Megafon, Tele2, Beeline;
- do not set simple passwords for your accounts and change them at least once a year. And in order not to write them down in the phone's address book (so as not to forget), use special programs like KeePass that store passwords in encrypted form.
What if you feel that something is wrong?
What should citizens do in the event that a SIM card, which is tied to a bank card, electronic wallet or to a mail account, has been stolen / lost / restored by agreement. Don't panic in the first place. Follow the steps below, then the likelihood that your money will be stolen will greatly decrease:
- block your SIM card, payment accounts and bank cards. As a rule, it is enough to call the operator's hotline to prevent fraudsters from using your money. If you did not succeed in blocking by contact phone number, visit the nearest operator's office or bank branch. You still have to visit these institutions, since only documentary confirmation of the blocking will allow you to demand from the bank or operator the money stolen after that. Details in the article "How to return money illegally debited from the card?";
- unlink your cell phone number from internet banking, e-wallet, mail and all online services you use. It is not always possible to do this quickly, you may have to visit a bank branch and draw up an appropriate application in order to unlink the card to your number;
- immediately contact the bank if the attackers managed to carry out any operations with your bank cards. Inform the bank employees about suspicious transactions; draw up a claim-statement for the return of unreasonably debited funds (see the link above for details);
- apply with a statement to the cellular operator to compensate for the damage received. In this case, it is simply impossible to do without a statement. According to the law, the employer bears full responsibility for the losses incurred by his employees in the performance of their duties;
- write a statement to the police about the theft of money and receive a coupon notification about the institution of the case.
