Bank customers have lost more than £9.1million in ‘SIM swapping’ scams over the last five years, The Telegraph can reveal, as police warned people not to share details such as pet names on social media.
New figures from the City of London Police’s Action Fraud division show 4,495 have fallen for the scam, where phone companies are duped into switching a person’s number to a fraudster’s phone.
Victims lost on average just under £4,000 as the scam enables criminals to transfer large sums out of a target’s bank account undetected.
Police data also showed that the numbers of people falling victim has risen dramatically over the last five years with 144 cases in 2015 compared to 3,111 in 2018 – a more than 20 fold increase.
Sim swapping works by scammers convincing phone companies to “port” the victim’s number to a new phone, often by posing as a customer wanting to switch their business to a new provider.
Police said fraudsters often needed to control a victim’s phone number to wire money out of accounts they had hacked into, as most banks now require new transfers to be confirmed with a call or text.
Phil Keating, a senior crime reviewer at the National Fraud Intelligence Bureau, said scammers often scoured victim’s social media feeds for personal information often used as passwords or memorable security information, such as a mother’s maiden name.
They could then use this to convince phone companies they were the victim when requesting the swap.
Mr Keating said: “Be very conscious of not putting personal identifiable information in the public domain, such as date of birth, mother’s maiden name, names of their pets – the common things that usually are used as memorable information and passwords.
“If that information is just out there and easy to get hold of it will be easy for individuals to exploit that.”
Police said signs someone was falling victim to a sim swapping included not getting messages for an unusually long period of time and receiving an unexpected message from their phone company giving them a PAC code or saying they were sorry they were leaving.
In such cases, people are advised to contact their mobile provider straight away to make sure their number has not been moved.
The new figures come as a number of high profile people have recently had their phone numbers sim swapped. Last month, the pro-Brexit campaigner Arron Banks had his Twitter account hacked and private messages published online.
A spokesman for Mr Banks later said police were investigating the matter, but officers had told the businessman’s representatives they suspected his account had been hacked via a sim swap. Most social media companies allow users to secure their accounts with two-factor authentication, where someone signing into an account needs to confirm their identity via text.
In October, the food writer Jack Monroe said she was “living in a literal nightmare” when hackers stole £5,000 from her bank account after swapping her sim. The 31-year-old criticised the online encyclopedia site, Wikipedia, for having her real date on her profile page.
It seems my card details and PayPal info were lifted from an online transaction. Phone number was ported to a new SIM, meaning crims access/bypass authentication and authorise payments.
I’m an autistic, methodical, ruthless investigator, and I have a LOT of info to go on.
— ☘️����Jack Monroe (@BootstrapCook) October 11, 2019
Jason Hart, a cyber security expert and ethical hacker, said that with a sim swap, scammers were not only getting an opportunity to steal money, but also a cache personal information and messages being sent to the victim’s phone.
He added: “With a sim swap you are cloning the sim card so anything that has a relationship with the phone number you can have access to that too, like apps, texts, email.”